[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[SCM] GNU libtasn1 branch, master, updated. libtasn1_4_4-5-g47fe1e1
|
From: |
Nikos Mavrogiannopoulos |
|
Subject: |
[SCM] GNU libtasn1 branch, master, updated. libtasn1_4_4-5-g47fe1e1 |
|
Date: |
Mon, 20 Apr 2015 14:19:56 +0000 |
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU libtasn1".
http://git.savannah.gnu.org/cgit/libtasn1.git/commit/?id=47fe1e1051bf2ca840a846a968ec07bcfd993252
The branch, master has been updated
via 47fe1e1051bf2ca840a846a968ec07bcfd993252 (commit)
via 9e3ac5813e2e62de6fa2c8280edb05507a1a3e9f (commit)
via 49924c02fed91580839b17686345406b232ea812 (commit)
via a9c908190324bbaadff2031421e23adfba014a2a (commit)
via f979435823a02f842c41d49cd41cc81f25b5d677 (commit)
from bf69ce965a724f3bd730716143a67b800836416b (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 47fe1e1051bf2ca840a846a968ec07bcfd993252
Author: Nikos Mavrogiannopoulos <address@hidden>
Date: Mon Apr 20 16:19:46 2015 +0200
doc update
commit 9e3ac5813e2e62de6fa2c8280edb05507a1a3e9f
Author: Nikos Mavrogiannopoulos <address@hidden>
Date: Mon Apr 20 16:12:30 2015 +0200
tests: Added test case based on Hanno Boeck's certificate
commit 49924c02fed91580839b17686345406b232ea812
Author: Nikos Mavrogiannopoulos <address@hidden>
Date: Mon Apr 20 16:05:23 2015 +0200
asn1Decoding: added a debug flag which enforces strict memory alignment
commit a9c908190324bbaadff2031421e23adfba014a2a
Author: Nikos Mavrogiannopoulos <address@hidden>
Date: Mon Apr 20 15:04:09 2015 +0200
asn1Decode: added --strict option
commit f979435823a02f842c41d49cd41cc81f25b5d677
Author: Nikos Mavrogiannopoulos <address@hidden>
Date: Mon Apr 20 14:56:27 2015 +0200
_asn1_extract_der_octet: prevent past of boundary access
Reported by Hanno Böck.
-----------------------------------------------------------------------
Summary of changes:
NEWS | 4 +++
lib/decoding.c | 3 +-
src/asn1Decoding.c | 41 ++++++++++++++++++++++++++++---------
tests/Makefile.am | 8 ++----
tests/TestCertOctetOverflow.der | Bin 0 -> 357 bytes
src/Makefile.am => tests/decoding | 27 ++++++++++++-----------
6 files changed, 54 insertions(+), 29 deletions(-)
create mode 100644 tests/TestCertOctetOverflow.der
copy src/Makefile.am => tests/decoding (56%)
mode change 100644 => 100755
diff --git a/NEWS b/NEWS
index 1206144..e2805f8 100644
--- a/NEWS
+++ b/NEWS
@@ -1,5 +1,9 @@
GNU Libtasn1 NEWS -*- outline -*-
+* Noteworthy changes in release 4.5 (unreleased) [stable]
+- Corrected an invalid memory access in octet string decoding.
+ Reported by Hanno Böck.
+
* Noteworthy changes in release 4.4 (released 2015-03-29) [stable]
- Corrected a two-byte stack overflow in asn1_der_decoding. Reported
by Hanno Böck.
diff --git a/lib/decoding.c b/lib/decoding.c
index 7fbd931..42ddc6b 100644
--- a/lib/decoding.c
+++ b/lib/decoding.c
@@ -732,6 +732,7 @@ _asn1_extract_der_octet (asn1_node node, const unsigned
char *der,
return ASN1_DER_ERROR;
counter = len3 + 1;
+ DECR_LEN(der_len, len3);
if (len2 == -1)
counter_end = der_len - 2;
@@ -740,6 +741,7 @@ _asn1_extract_der_octet (asn1_node node, const unsigned
char *der,
while (counter < counter_end)
{
+ DECR_LEN(der_len, 1);
len2 = asn1_get_length_der (der + counter, der_len, &len3);
if (IS_ERR(len2, flags))
@@ -764,7 +766,6 @@ _asn1_extract_der_octet (asn1_node node, const unsigned
char *der,
len2 = 0;
}
- DECR_LEN(der_len, 1);
counter += len2 + len3 + 1;
}
diff --git a/src/asn1Decoding.c b/src/asn1Decoding.c
index 5649990..b52e791 100644
--- a/src/asn1Decoding.c
+++ b/src/asn1Decoding.c
@@ -34,7 +34,7 @@
#include "benchmark.h"
static int decode (asn1_node definitions, const char *typeName, void *der,
- int der_len, int benchmark);
+ int der_len, int benchmark, int strict);
/* This feature is available in gcc versions 2.5 and later. */
#if __GNUC__ < 2 || (__GNUC__ == 2 && __GNUC_MINOR__ < 5)
@@ -57,6 +57,8 @@ Decodes DER data in ENCODED file, for the ASN1TYPE element\n\
described in ASN.1 DEFINITIONS file, and print decoded structures.\n\
\n");
printf ("\
+ -b, --benchmark perform a benchmark on decoding\n\
+ -s, --strict use strict DER decoding\n\
-h, --help display this help and exit\n\
-v, --version output version information and exit\n");
emit_bug_reporting_address ();
@@ -69,6 +71,9 @@ main (int argc, char *argv[])
{
static const struct option long_options[] = {
{"help", no_argument, 0, 'h'},
+ {"strict", no_argument, 0, 's'},
+ {"debug", no_argument, 0, 'd'},
+ {"benchmark", no_argument, 0, 'b'},
{"version", no_argument, 0, 'v'},
{0, 0, 0, 0}
};
@@ -82,6 +87,7 @@ main (int argc, char *argv[])
int asn1_result = ASN1_SUCCESS;
unsigned char *der;
int der_len = 0, benchmark = 0;
+ int strict = 0, debug = 0;
/* FILE *outputFile; */
set_program_name (argv[0]);
@@ -92,7 +98,7 @@ main (int argc, char *argv[])
{
option_result =
- getopt_long (argc, argv, "hbvc", long_options, &option_index);
+ getopt_long (argc, argv, "hbdsvc", long_options, &option_index);
if (option_result == -1)
break;
@@ -105,6 +111,12 @@ main (int argc, char *argv[])
case 'b':
benchmark = 1;
break;
+ case 'd':
+ debug = 1;
+ break;
+ case 's':
+ strict = 1;
+ break;
case 'v': /* VERSION */
version_etc (stdout, program_name, PACKAGE, VERSION,
"Fabio Fiorina", NULL);
@@ -174,6 +186,12 @@ main (int argc, char *argv[])
der_len = tmplen;
}
+ /* read_binary_file() returns a buffer with more data than required,
+ * with this reallocation we ensure that memory accesses outside the
+ * boundaries are detected */
+ if (der != NULL && debug != 0)
+ der = realloc(der, der_len);
+
if (der == NULL)
{
fprintf (stderr, "asn1Decoding: could not read '%s'\n",
@@ -186,7 +204,6 @@ main (int argc, char *argv[])
exit (1);
}
-
/*****************************************/
/* ONLY FOR TEST */
/*****************************************/
@@ -202,7 +219,7 @@ main (int argc, char *argv[])
fclose(inputFile);
*/
- if (decode (definitions, typeName, der, der_len, benchmark) != ASN1_SUCCESS)
+ if (decode (definitions, typeName, der, der_len, benchmark, strict) !=
ASN1_SUCCESS)
{
asn1_delete_structure (&definitions);
free (inputFileAsnName);
@@ -228,7 +245,7 @@ main (int argc, char *argv[])
static int
simple_decode (asn1_node definitions, const char *typeName, void *der,
- int der_len, int benchmark)
+ int der_len, int benchmark, int strict)
{
int asn1_result;
@@ -248,8 +265,12 @@ simple_decode (asn1_node definitions, const char
*typeName, void *der,
return asn1_result;
}
- asn1_result =
- asn1_der_decoding (&structure, der, der_len, errorDescription);
+ if (strict != 0)
+ asn1_result =
+ asn1_der_decoding2(&structure, der, &der_len,
ASN1_DECODE_FLAG_STRICT_DER, errorDescription);
+ else
+ asn1_result =
+ asn1_der_decoding (&structure, der, der_len, errorDescription);
if (!benchmark)
fprintf (stderr, "\nDecoding: %s\n", asn1_strerror (asn1_result));
@@ -272,19 +293,19 @@ simple_decode (asn1_node definitions, const char
*typeName, void *der,
static int
decode (asn1_node definitions, const char *typeName, void *der, int der_len,
- int benchmark)
+ int benchmark, int strict)
{
struct benchmark_st st;
if (benchmark == 0)
- return simple_decode (definitions, typeName, der, der_len, benchmark);
+ return simple_decode (definitions, typeName, der, der_len, benchmark,
strict);
else
{
start_benchmark (&st);
do
{
- simple_decode (definitions, typeName, der, der_len, benchmark);
+ simple_decode (definitions, typeName, der, der_len, benchmark,
strict);
st.size++;
}
while (benchmark_must_finish == 0);
diff --git a/tests/Makefile.am b/tests/Makefile.am
index a00ebc7..0cd48a3 100644
--- a/tests/Makefile.am
+++ b/tests/Makefile.am
@@ -24,13 +24,11 @@ LDADD = ../lib/libtasn1.la ../gl/libgnu.la
EXTRA_DIST = Test_parser.asn Test_tree.asn Test_tree_asn1_tab.c \
Test_encoding.asn pkix.asn TestIndef.p12 choice.asn
coding-decoding2.asn \
- TestIndef2.p12 TestIndef3.der
+ TestIndef2.p12 TestIndef3.der TestCertOctetOverflow.der
# For crlf.
EXTRA_DIST += crlf.cer crl.der ocsp.der
-dist_check_SCRIPTS = crlf benchmark
-
-dist_check_SCRIPTS += threadsafety
+dist_check_SCRIPTS = crlf benchmark threadsafety decoding
MOSTLYCLEANFILES = Test_parser_ERROR.asn
@@ -41,7 +39,7 @@ check_PROGRAMS = Test_parser Test_tree Test_encoding
Test_indefinite \
TESTS = Test_parser Test_tree Test_encoding Test_indefinite \
Test_errors Test_simple Test_overflow crlf threadsafety \
Test_strings Test_choice Test_encdec copynode coding-decoding2 \
- strict-der Test_choice_ocsp
+ strict-der Test_choice_ocsp decoding
TESTS_ENVIRONMENT = \
ASN1PARSER=$(srcdir)/Test_parser.asn \
diff --git a/tests/TestCertOctetOverflow.der b/tests/TestCertOctetOverflow.der
new file mode 100644
index 0000000..6c45107
Binary files /dev/null and b/tests/TestCertOctetOverflow.der differ
diff --git a/src/Makefile.am b/tests/decoding
old mode 100644
new mode 100755
similarity index 56%
copy from src/Makefile.am
copy to tests/decoding
index 06439b4..ce230f4
--- a/src/Makefile.am
+++ b/tests/decoding
@@ -1,7 +1,6 @@
-## Process this file with automake to produce Makefile.in
-# Copyright (C) 2002-2014 Free Software Foundation, Inc.
-#
-# This file is part of LIBTASN1.
+#!/bin/sh
+
+# Copyright (C) 2015 Free Software Foundation, Inc.
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
@@ -16,15 +15,17 @@
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
-AM_CFLAGS = $(WARN_CFLAGS) $(WERROR_CFLAGS)
-AM_CPPFLAGS = -I$(top_srcdir)/lib -I$(top_srcdir)/gl -I$(top_builddir)/gl
-
-LDADD = ../lib/libtasn1.la ../gl/libgnu.la
-
-bin_PROGRAMS = asn1Parser asn1Coding asn1Decoding
+if ! test -z "${VALGRIND}";then
+VALGRIND="${LIBTOOL:-libtool} --mode=execute ${VALGRIND} --error-exitcode=7
--leak-check=no"
+fi
-asn1Parser_SOURCES = asn1Parser.c
+ASN1DECODING="${ASN1DECODING:-../src/asn1Decoding$EXEEXT}"
+ASN1PKIX="${ASN1PKIX:-pkix.asn}"
-asn1Coding_SOURCES = asn1Coding.c
+$VALGRIND $ASN1DECODING -ds $ASN1PKIX TestCertOctetOverflow.der
PKIX1.Certificate
+if test $? != 1;then
+ echo "Decoding failed"
+ exit 1
+fi
-asn1Decoding_SOURCES = asn1Decoding.c benchmark.c benchmark.h
+exit 0
hooks/post-receive
--
GNU libtasn1
| [Prev in Thread] |
Current Thread |
[Next in Thread] |
- [SCM] GNU libtasn1 branch, master, updated. libtasn1_4_4-5-g47fe1e1,
Nikos Mavrogiannopoulos <=