diff options
author | Jeffrey Walton <noloader@gmail.com> | 2016-12-24 04:55:21 -0500 |
---|---|---|
committer | Jeffrey Walton <noloader@gmail.com> | 2016-12-24 04:55:21 -0500 |
commit | b19332a69fbd7b82f0e08c18f55a6880487d55e9 (patch) | |
tree | 4e89772bddbddce002276efa1d145e8a210c3be5 /asn.cpp | |
parent | 3475a235bf2c5620bc7c3fe87329e0761f24709b (diff) | |
download | cryptopp-git-b19332a69fbd7b82f0e08c18f55a6880487d55e9.tar.gz |
Add additional validations based on X.690 rules
The library was a tad bit fast and loose with respect to parsing some of the ASN.1 presented to it. It was kind of like we used Alternate Encoding Rules (AER), which was more relaxed than BER, CER or DER. This commit closes most of the gaps.
The changes are distantly related to Issue 346. Issue 346 caught a CVE bcause of the transient DoS. These fixes did not surface with negative effcts. Rather, the library was a bit too accomodating to the point it was not conforming
Diffstat (limited to 'asn.cpp')
-rw-r--r-- | asn.cpp | 11 |
1 files changed, 6 insertions, 5 deletions
@@ -123,7 +123,7 @@ size_t BERDecodeOctetString(BufferedTransformation &bt, SecByteBlock &str) size_t bc;
if (!BERLengthDecode(bt, bc))
BERDecodeError();
- if (bc > bt.MaxRetrievable())
+ if (bc > bt.MaxRetrievable()) // Issue 346
BERDecodeError();
str.New(bc);
@@ -141,7 +141,7 @@ size_t BERDecodeOctetString(BufferedTransformation &bt, BufferedTransformation & size_t bc;
if (!BERLengthDecode(bt, bc))
BERDecodeError();
- if (bc > bt.MaxRetrievable())
+ if (bc > bt.MaxRetrievable()) // Issue 346
BERDecodeError();
bt.TransferTo(str, bc);
@@ -165,7 +165,7 @@ size_t BERDecodeTextString(BufferedTransformation &bt, std::string &str, byte as size_t bc;
if (!BERLengthDecode(bt, bc))
BERDecodeError();
- if (bc > bt.MaxRetrievable())
+ if (bc > bt.MaxRetrievable()) // Issue 346
BERDecodeError();
SecByteBlock temp(bc);
@@ -196,11 +196,12 @@ size_t BERDecodeBitString(BufferedTransformation &bt, SecByteBlock &str, unsigne BERDecodeError();
if (bc == 0)
BERDecodeError();
- if (bc > bt.MaxRetrievable())
+ if (bc > bt.MaxRetrievable()) // Issue 346
BERDecodeError();
+ // X.690, 8.6.2.2: "The number [of unused bits] shall be in the range zero to seven"
byte unused;
- if (!bt.Get(unused))
+ if (!bt.Get(unused) || unused > 7)
BERDecodeError();
unusedBits = unused;
str.resize(bc-1);
|