libtasn1: updated to latest libtasn1 master branch

author Nikos Mavrogiannopoulos <nmav@redhat.com>

Tue, 9 Jan 2018 10:31:45 +0000 (11:31 +0100)

committer Nikos Mavrogiannopoulos <nmav@redhat.com>

Tue, 9 Jan 2018 10:31:45 +0000 (11:31 +0100)
author Nikos Mavrogiannopoulos <nmav@redhat.com>
Tue, 9 Jan 2018 10:31:45 +0000 (11:31 +0100)
committer Nikos Mavrogiannopoulos <nmav@redhat.com>
Tue, 9 Jan 2018 10:31:45 +0000 (11:31 +0100)
diff --git a/lib/minitasn1/decoding.c b/lib/minitasn1/decoding.c

index 2240b09406364c9d2bce9c34bc230a1e7cdee6ff..0ee35d3d093b9815def2b1547cea3aaab119c80a 100644 (file)
--- a/lib/minitasn1/decoding.c
+++ b/lib/minitasn1/decoding.c
@@ -45,6 +45,13 @@
  
  #define DECODE_FLAG_HAVE_TAG 1
  #define DECODE_FLAG_INDEFINITE (1<<1)
+/* On indefinite string decoding, allow this maximum levels
+ * of recursion. Allowing infinite recursion, makes the BER
+ * decoder susceptible to stack exhaustion due to that recursion.
+ */
+#define DECODE_FLAG_LEVEL1 (1<<2)
+#define DECODE_FLAG_LEVEL2 (1<<3)
+#define DECODE_FLAG_LEVEL3 (1<<4)
  
  #define DECR_LEN(l, s) do { \
           l -= s; \
@@ -2216,7 +2223,8 @@ _asn1_decode_simple_ber (unsigned int etype, const unsigned char *der,
      }
  
    /* indefinite constructed */
-  if (((dflags & DECODE_FLAG_INDEFINITE) || class == ASN1_CLASS_STRUCTURED) && ETYPE_IS_STRING(etype))
+  if ((((dflags & DECODE_FLAG_INDEFINITE) || class == ASN1_CLASS_STRUCTURED) && ETYPE_IS_STRING(etype)) &&
+      !(dflags & DECODE_FLAG_LEVEL3))
      {
        len_len = 1;
  
@@ -2236,8 +2244,17 @@ _asn1_decode_simple_ber (unsigned int etype, const unsigned char *der,
        do
          {
            unsigned tmp_len;
+          unsigned flags = DECODE_FLAG_HAVE_TAG;
+
+          if (dflags & DECODE_FLAG_LEVEL1)
+                flags |= DECODE_FLAG_LEVEL2;
+          else if (dflags & DECODE_FLAG_LEVEL2)
+               flags |= DECODE_FLAG_LEVEL3;
+         else
+               flags |= DECODE_FLAG_LEVEL1;
  
-          result = asn1_decode_simple_ber(etype, p, der_len, &out, &out_len, &tmp_len);
+          result = _asn1_decode_simple_ber(etype, p, der_len, &out, &out_len, &tmp_len,
+                                           flags);
            if (result != ASN1_SUCCESS)
              {
                warn();
diff --git a/lib/minitasn1/libtasn1.h b/lib/minitasn1/libtasn1.h

index 4ee4c54e60111966de3507348ad90195e143a396..626b11ec672399ad82dacd0b7d29df8a2301b20f 100644 (file)
--- a/lib/minitasn1/libtasn1.h
+++ b/lib/minitasn1/libtasn1.h
@@ -44,7 +44,7 @@ extern "C"
  {
  #endif
  
-#define ASN1_VERSION "4.11"
+#define ASN1_VERSION "4.12"
  
  #if defined(__GNUC__) && !defined(ASN1_INTERNAL_BUILD)
  # define _ASN1_GCC_VERSION (__GNUC__ * 10000 + __GNUC_MINOR__ * 100 + __GNUC_PATCHLEVEL__)
diff --git a/lib/minitasn1/parser_aux.c b/lib/minitasn1/parser_aux.c

index 976ab38f1863845c03ed5730d91ebe0113348f79..786ea640a45ea222f29ec932581796575d2fed33 100644 (file)
--- a/lib/minitasn1/parser_aux.c
+++ b/lib/minitasn1/parser_aux.c
@@ -955,7 +955,7 @@ _asn1_check_identifier (asn1_node node)
           if (p2 == NULL)
             {
               if (p->value)
-               _asn1_strcpy (_asn1_identifierMissing, p->value);
+               _asn1_str_cpy (_asn1_identifierMissing, sizeof(_asn1_identifierMissing), (char*)p->value);
               else
                 _asn1_strcpy (_asn1_identifierMissing, "(null)");
               return ASN1_IDENTIFIER_NOT_FOUND;
@@ -968,9 +968,15 @@ _asn1_check_identifier (asn1_node node)
           if (p2 && (type_field (p2->type) == ASN1_ETYPE_DEFAULT))
             {
               _asn1_str_cpy (name2, sizeof (name2), node->name);
-             _asn1_str_cat (name2, sizeof (name2), ".");
-             _asn1_str_cat (name2, sizeof (name2), (char *) p2->value);
-             _asn1_strcpy (_asn1_identifierMissing, p2->value);
+             if (p2->value)
+               {
+                 _asn1_str_cat (name2, sizeof (name2), ".");
+                 _asn1_str_cat (name2, sizeof (name2), (char *) p2->value);
+                 _asn1_str_cpy (_asn1_identifierMissing, sizeof(_asn1_identifierMissing), (char*)p2->value);
+               }
+             else
+               _asn1_strcpy (_asn1_identifierMissing, "(null)");
+
               p2 = asn1_find_node (node, name2);
               if (!p2 || (type_field (p2->type) != ASN1_ETYPE_OBJECT_ID) ||
                   !(p2->type & CONST_ASSIGN))
@@ -990,7 +996,8 @@ _asn1_check_identifier (asn1_node node)
                   _asn1_str_cpy (name2, sizeof (name2), node->name);
                   _asn1_str_cat (name2, sizeof (name2), ".");
                   _asn1_str_cat (name2, sizeof (name2), (char *) p2->value);
-                 _asn1_strcpy (_asn1_identifierMissing, p2->value);
+                 _asn1_str_cpy (_asn1_identifierMissing, sizeof(_asn1_identifierMissing), (char*)p2->value);
+
                   p2 = asn1_find_node (node, name2);
                   if (!p2 || (type_field (p2->type) != ASN1_ETYPE_OBJECT_ID)
                       || !(p2->type & CONST_ASSIGN))
author	Nikos Mavrogiannopoulos <nmav@redhat.com>
	Tue, 9 Jan 2018 10:31:45 +0000 (11:31 +0100)
committer	Nikos Mavrogiannopoulos <nmav@redhat.com>
	Tue, 9 Jan 2018 10:31:45 +0000 (11:31 +0100)
lib/minitasn1/decoding.c		patch \| blob \| blame \| history
lib/minitasn1/libtasn1.h		patch \| blob \| blame \| history
lib/minitasn1/parser_aux.c		patch \| blob \| blame \| history