From 9c627ae6c3d0ed7e12a5de333116c253e2213f5c Mon Sep 17 00:00:00 2001 From: "John M. Schanck" Date: Thu, 23 Feb 2023 16:22:07 +0000 Subject: Bug 1804660 - Make high tag number assertion failure an error. r=nss-reviewers,djackson If a template has an OPTIONAL field, and we find that the input does not match that field's tag number, we mark the field as missing. If the next field is an ASN.1 ANY, we need to write the previously-parsed tag number out. Since high tag number forms are rare, we never implemented the necessary re-encoding of multi-byte tags, and we noted this with an assertion. That assertion is remotely triggerable in debug builds. This patch removes the assertion and returns a SEC_ERROR_LIBRARY_FAILURE instead. Differential Revision: https://phabricator.services.mozilla.com/D170678 --- lib/util/secasn1d.c | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/lib/util/secasn1d.c b/lib/util/secasn1d.c index bbb41a61c..01f1c6e5c 100644 --- a/lib/util/secasn1d.c +++ b/lib/util/secasn1d.c @@ -2207,9 +2207,13 @@ sec_asn1d_next_in_sequence(sec_asn1d_state *state) * In practice this does not happen, but for completeness * sake it should probably be made to work at some point. */ - PORT_Assert(child_found_tag_number < SEC_ASN1_HIGH_TAG_NUMBER); - identifier = (unsigned char)(child_found_tag_modifiers | child_found_tag_number); - sec_asn1d_record_any_header(child, (char *)&identifier, 1); + if (child_found_tag_modifiers >= SEC_ASN1_HIGH_TAG_NUMBER) { + PORT_SetError(SEC_ERROR_LIBRARY_FAILURE); + state->top->status = decodeError; + } else { + identifier = (unsigned char)(child_found_tag_modifiers | child_found_tag_number); + sec_asn1d_record_any_header(child, (char *)&identifier, 1); + } } } } -- cgit v1.2.1