-rw-r--r--third_party/heimdal/lib/asn1/fuzz-inputs/KrbFastArmoredReqbin0 -> 55 bytes
-rw-r--r--third_party/heimdal/lib/asn1/gen_decode.c12
-rw-r--r--third_party/heimdal/lib/asn1/gen_free.c7
-rw-r--r--third_party/heimdal/lib/asn1/gen_template.c1
-rw-r--r--third_party/heimdal/lib/asn1/krb5.asn11
5 files changed, 15 insertions, 6 deletions
diff --git a/third_party/heimdal/lib/asn1/fuzz-inputs/KrbFastArmoredReq b/third_party/heimdal/lib/asn1/fuzz-inputs/KrbFastArmoredReq
new file mode 100644
index 00000000000..21ac3601bcc
--- /dev/null
+++ b/third_party/heimdal/lib/asn1/fuzz-inputs/KrbFastArmoredReq
Binary files differ
diff --git a/third_party/heimdal/lib/asn1/gen_decode.c b/third_party/heimdal/lib/asn1/gen_decode.c
index 93d412f6335..fa9d79a8ae5 100644
--- a/third_party/heimdal/lib/asn1/gen_decode.c
+++ b/third_party/heimdal/lib/asn1/gen_decode.c
@@ -694,14 +694,14 @@ decode_type(const char *name, const Type *t, int optional, struct value *defval,
classname(cl),
ty ? "CONS" : "PRIM",
valuename(cl, tag));
+ fprintf(codefile,
+ "(%s)->element = %s;\n",
+ name, m->label);
if (asprintf (&s, "%s(%s)->u.%s", m->optional ? "" : "&",
name, m->gen_name) < 0 || s == NULL)
errx(1, "malloc");
decode_type(s, m->type, m->optional, NULL, forwstr, m->gen_name,
NULL, depth + 1);
- fprintf(codefile,
- "(%s)->element = %s;\n",
- name, m->label);
free(s);
fprintf(codefile,
"}\n");
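Review bot: Nothing in the generator records why `(%s)->element = %s;` must now be emitted before the recursive `decode_type()` call, so a later tidy-up could move it back after the decode. Presumably the generated free function uses `element` to choose which union arm to release, so it has to be valid even when the member decode fails partway. A comment above the new `fprintf`, such as `/* set element first: a failed member decode must leave the CHOICE freeable */`, would pin that down. The same reordering, with the same missing comment, applies to the `have_ellipsis` branch in the next hunk. The body of decode_type starts and ends outside this hunk.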
@@ -710,23 +710,23 @@ decode_type(const char *name, const Type *t, int optional, struct value *defval,
if (have_ellipsis) {
fprintf(codefile,
"else {\n"
+ "(%s)->element = %s;\n"
"(%s)->u.%s.data = calloc(1, len);\n"
"if ((%s)->u.%s.data == NULL) {\n"
"e = ENOMEM; %s;\n"
"}\n"
"(%s)->u.%s.length = len;\n"
"memcpy((%s)->u.%s.data, p, len);\n"
- "(%s)->element = %s;\n"
"p += len;\n"
"ret += len;\n"
"len = 0;\n"
"}\n",
+ name, have_ellipsis->label,
name, have_ellipsis->gen_name,
name, have_ellipsis->gen_name,
forwstr,
name, have_ellipsis->gen_name,
- name, have_ellipsis->gen_name,
- name, have_ellipsis->label);
+ name, have_ellipsis->gen_name);
} else {
fprintf(codefile,
"else {\n"
diff --git a/third_party/heimdal/lib/asn1/gen_free.c b/third_party/heimdal/lib/asn1/gen_free.c
index 53b7bfe7b90..14e6529046c 100644
--- a/third_party/heimdal/lib/asn1/gen_free.c
+++ b/third_party/heimdal/lib/asn1/gen_free.c
@@ -62,6 +62,13 @@ free_type (const char *name, const Type *t, int preserve)
case TNull:
case TGeneralizedTime:
case TUTCTime:
+ /*
+ * This doesn't do much, but it leaves zeros where garbage might
+ * otherwise have been found. Gets us closer to having the equivalent
+ * of a memset()-to-zero data structure after calling the free
+ * functions.
+ */
+ fprintf(codefile, "*%s = 0;\n", name);
break;
case TBitString:
if (HEIM_TAILQ_EMPTY(t->members))
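Review bot: The emitted `*%s = 0;` dereferences `name` without parentheses, while the generated statements in gen_decode.c wrap it as `(%s)->...`. Emitting `"*(%s) = 0;\n"` would keep the store correct whatever expression the caller passes as `name`. The case labels that share this statement begin above the hunk, so the full set of types that now get zeroed is not visible here; it should be checked that all of them are plain scalars for which assigning 0 is valid. The new comment could also state the intended guarantee, apparently that a freed object is left in a state where freeing it again is harmless.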
diff --git a/third_party/heimdal/lib/asn1/gen_template.c b/third_party/heimdal/lib/asn1/gen_template.c
index e053a8bdd8b..ad25fcfb29d 100644
--- a/third_party/heimdal/lib/asn1/gen_template.c
+++ b/third_party/heimdal/lib/asn1/gen_template.c
@@ -1600,6 +1600,7 @@ generate_template(const Symbol *s)
"int ASN1CALL\n"
"decode_%s(const unsigned char *p, size_t len, %s *data, size_t *size)\n"
"{\n"
+ " memset(data, 0, sizeof(*data));\n"
" return _asn1_decode_top(asn1_%s, 0|%s, p, len, data, size);\n"
"}\n"
"\n",
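Review bot: The added `memset(data, 0, sizeof(*data));` clears the caller's object unconditionally, so any members it already owned are dropped without being freed, and that contract is not stated anywhere. If the intent is as it appears, a comment next to the emitted line would record it, for example `/* data is treated as uninitialized: zero it so a failed decode leaves nothing stale for the free function */`. This diff does not show whether the decode functions from the non-template backend zero `data` the same way; that should be confirmed so both backends give callers the same state after a failed decode. The format string and generate_template() both extend beyond this hunk.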
diff --git a/third_party/heimdal/lib/asn1/krb5.asn1 b/third_party/heimdal/lib/asn1/krb5.asn1
index d7ce6bd6333..00a0acbc029 100644
--- a/third_party/heimdal/lib/asn1/krb5.asn1
+++ b/third_party/heimdal/lib/asn1/krb5.asn1
@@ -81,6 +81,7 @@ EXPORTS
KrbFastFinished,
KrbFastReq,
KrbFastArmor,
+ KrbFastArmoredReq,
KDCFastState,
KDCFastCookie,
KDC-PROXY-MESSAGE,