author | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2018-01-09 11:34:22 +0100 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2018-01-09 11:34:44 +0100 |
commit | 48f39886d2e01a0ace54447de8b1a00087748255 (patch) | |
tree | 37244c0c403c8ad9a21cc35a68a0cd525e89689d /lib/minitasn1 | |
parent | c6379175fafb2818d7a671c26d6e33f8305f0416 (diff) | |
libtasn1: updated to latest master branch [tmp-gnutls_3_5_x-update-libtasn1]
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
Diffstat (limited to 'lib/minitasn1')
-rw-r--r-- | lib/minitasn1/decoding.c | 21 | ||||
-rw-r--r-- | lib/minitasn1/libtasn1.h | 2 | ||||
-rw-r--r-- | lib/minitasn1/parser_aux.c | 17 |
3 files changed, 32 insertions, 8 deletions
diff --git a/lib/minitasn1/decoding.c b/lib/minitasn1/decoding.c
index 2240b09406..0ee35d3d09 100644
--- a/lib/minitasn1/decoding.c
+++ b/lib/minitasn1/decoding.c
@@ -45,6 +45,13 @@
 #define DECODE_FLAG_HAVE_TAG 1
 #define DECODE_FLAG_INDEFINITE (1<<1)
+/* On indefinite string decoding, allow this maximum levels
+ * of recursion. Allowing infinite recursion, makes the BER
+ * decoder susceptible to stack exhaustion due to that recursion.
+ */
+#define DECODE_FLAG_LEVEL1 (1<<2)
+#define DECODE_FLAG_LEVEL2 (1<<3)
+#define DECODE_FLAG_LEVEL3 (1<<4)
 #define DECR_LEN(l, s) do { \
 l -= s; \
@@ -2216,7 +2223,8 @@ _asn1_decode_simple_ber (unsigned int etype, const unsigned char *der,
 }
 /* indefinite constructed */
- if (((dflags & DECODE_FLAG_INDEFINITE) || class == ASN1_CLASS_STRUCTURED) && ETYPE_IS_STRING(etype))
+ if ((((dflags & DECODE_FLAG_INDEFINITE) || class == ASN1_CLASS_STRUCTURED) && ETYPE_IS_STRING(etype)) &&
+ !(dflags & DECODE_FLAG_LEVEL3))
 {
 len_len = 1;
@@ -2236,8 +2244,17 @@ _asn1_decode_simple_ber (unsigned int etype, const unsigned char *der,
 do
 {
 unsigned tmp_len;
+ unsigned flags = DECODE_FLAG_HAVE_TAG;
+
+ if (dflags & DECODE_FLAG_LEVEL1)
+ flags |= DECODE_FLAG_LEVEL2;
+ else if (dflags & DECODE_FLAG_LEVEL2)
+ flags |= DECODE_FLAG_LEVEL3;
+ else
+ flags |= DECODE_FLAG_LEVEL1;
- result = asn1_decode_simple_ber(etype, p, der_len, &out, &out_len, &tmp_len);
+ result = _asn1_decode_simple_ber(etype, p, der_len, &out, &out_len, &tmp_len,
+ flags);
 if (result != ASN1_SUCCESS)
 {
 warn();
diff --git a/lib/minitasn1/libtasn1.h b/lib/minitasn1/libtasn1.h
index 4ee4c54e60..626b11ec67 100644
--- a/lib/minitasn1/libtasn1.h
+++ b/lib/minitasn1/libtasn1.h
@@ -44,7 +44,7 @@ extern "C"
 {
 #endif
-#define ASN1_VERSION "4.11"
+#define ASN1_VERSION "4.12"
 #if defined(__GNUC__) && !defined(ASN1_INTERNAL_BUILD)
 # define _ASN1_GCC_VERSION (__GNUC__ * 10000 + __GNUC_MINOR__ * 100 + __GNUC_PATCHLEVEL__)
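Review bot: The comment added above `DECODE_FLAG_LEVEL1` in the first decoding.c hunk never states the actual limit or that these three bits are decoder-internal state rather than options. A maintainer reading only the defines cannot tell that the bits are one-hot depth markers, or which one stops the recursion. I would reword it along the lines of `/* Internal depth markers for nested constructed BER strings: one bit is set per nested call and no further recursion happens once DECODE_FLAG_LEVEL3 is set. */`, and, if that is the intent, add that callers must not pass these bits in `dflags`.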
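Review bot: Hitting the depth limit is not reported as an error in the -2216 hunk: with `DECODE_FLAG_LEVEL3` set the new condition only skips the constructed branch, so a string nested one level deeper is handed to the `else` path, which lies outside this hunk. If that path does not already reject a structured class, an explicit check ahead of the `if` turns the limit into a hard failure, e.g. `if ((dflags & DECODE_FLAG_LEVEL3) && class == ASN1_CLASS_STRUCTURED) { warn(); return ASN1_DER_ERROR; }`. A regression test that decodes strings nested past the limit and expects an error would pin this behaviour for future libtasn1 imports.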
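Review bot: The next depth bit is chosen by an if/else chain inside the `do` body of the -2236 hunk, so it is recomputed on every iteration even though nothing visible in the hunk modifies `dflags`. The chain is also only correct while at most one LEVEL bit is set, an invariant that is not written down anywhere. Computing the value once before the loop reads more clearly, for example `const unsigned next_level = (dflags & DECODE_FLAG_LEVEL1) ? DECODE_FLAG_LEVEL2 : (dflags & DECODE_FLAG_LEVEL2) ? DECODE_FLAG_LEVEL3 : DECODE_FLAG_LEVEL1;` followed by `flags = DECODE_FLAG_HAVE_TAG | next_level;`. The loop continues past the end of the hunk, so this assumes `dflags` stays unchanged in the remaining body.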
diff --git a/lib/minitasn1/parser_aux.c b/lib/minitasn1/parser_aux.c
index 976ab38f18..786ea640a4 100644
--- a/lib/minitasn1/parser_aux.c
+++ b/lib/minitasn1/parser_aux.c
@@ -955,7 +955,7 @@ _asn1_check_identifier (asn1_node node)
 if (p2 == NULL)
 {
 if (p->value)
- _asn1_strcpy (_asn1_identifierMissing, p->value);
+ _asn1_str_cpy (_asn1_identifierMissing, sizeof(_asn1_identifierMissing), (char*)p->value);
 else
 _asn1_strcpy (_asn1_identifierMissing, "(null)");
 return ASN1_IDENTIFIER_NOT_FOUND;
@@ -968,9 +968,15 @@ _asn1_check_identifier (asn1_node node)
 if (p2 && (type_field (p2->type) == ASN1_ETYPE_DEFAULT))
 {
 _asn1_str_cpy (name2, sizeof (name2), node->name);
- _asn1_str_cat (name2, sizeof (name2), ".");
- _asn1_str_cat (name2, sizeof (name2), (char *) p2->value);
- _asn1_strcpy (_asn1_identifierMissing, p2->value);
+ if (p2->value)
+ {
+ _asn1_str_cat (name2, sizeof (name2), ".");
+ _asn1_str_cat (name2, sizeof (name2), (char *) p2->value);
+ _asn1_str_cpy (_asn1_identifierMissing, sizeof(_asn1_identifierMissing), (char*)p2->value);
+ }
+ else
+ _asn1_strcpy (_asn1_identifierMissing, "(null)");
+
 p2 = asn1_find_node (node, name2);
 if (!p2 || (type_field (p2->type) != ASN1_ETYPE_OBJECT_ID) || !(p2->type & CONST_ASSIGN))
@@ -990,7 +996,8 @@ _asn1_check_identifier (asn1_node node)
 _asn1_str_cpy (name2, sizeof (name2), node->name);
 _asn1_str_cat (name2, sizeof (name2), ".");
 _asn1_str_cat (name2, sizeof (name2), (char *) p2->value);
- _asn1_strcpy (_asn1_identifierMissing, p2->value);
+ _asn1_str_cpy (_asn1_identifierMissing, sizeof(_asn1_identifierMissing), (char*)p2->value);
+
 p2 = asn1_find_node (node, name2);
 if (!p2 || (type_field (p2->type) != ASN1_ETYPE_OBJECT_ID) || !(p2->type & CONST_ASSIGN)) |
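Review bot: Unbounded copies into `_asn1_identifierMissing` remain next to the new bounded ones: the `else` branch of the -955 hunk and the new `else` in the -968 hunk still call `_asn1_strcpy (_asn1_identifierMissing, "(null)")`. The literal presumably fits, but using the bounded form throughout, `_asn1_str_cpy (_asn1_identifierMissing, sizeof (_asn1_identifierMissing), "(null)");`, leaves no unchecked write to that buffer and makes any later `_asn1_strcpy` on it easy to flag in review. The `sizeof` relies on the buffer being declared as an array visible in this file, which the hunks do not show. The -990 hunk applies the same bounded copy and needs no separate comment.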
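Review bot: When `p2->value` is NULL in the -968 hunk, the new `else` records "(null)" but execution still falls through to `asn1_find_node (node, name2)` with `name2` holding only `node->name`. The failure is then left to the type check after the lookup, which continues outside the hunk. Returning at once makes the outcome independent of what that lookup resolves to: `else { _asn1_strcpy (_asn1_identifierMissing, "(null)"); return ASN1_IDENTIFIER_NOT_FOUND; }`. The return code is taken from the first hunk, on the assumption that the later check reports the same value.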