Mercurial > dropbear
diff libtomcrypt/src/pk/asn1/der/sequence/der_decode_sequence_ex.c @ 1511:5916af64acd4 fuzz
merge from main
| author | Matt Johnston <matt@ucc.asn.au> |
|---|---|
| date | Sat, 17 Feb 2018 19:29:51 +0800 |
| parents | 6dba84798cd5 |
| children |
line wrap: on
line diff
--- a/libtomcrypt/src/pk/asn1/der/sequence/der_decode_sequence_ex.c Tue Jan 23 23:27:40 2018 +0800 +++ b/libtomcrypt/src/pk/asn1/der/sequence/der_decode_sequence_ex.c Sat Feb 17 19:29:51 2018 +0800 @@ -5,11 +5,8 @@ * * The library is free for all purposes without any express * guarantee it works. - * - * Tom St Denis, [email protected], http://libtom.org */ #include "tomcrypt.h" -#include <stdarg.h> /** @@ -31,13 +28,14 @@ int der_decode_sequence_ex(const unsigned char *in, unsigned long inlen, ltc_asn1_list *list, unsigned long outlen, int ordered) { - int err, type; - unsigned long size, x, y, z, i, blksize; + int err, i; + ltc_asn1_type type; + unsigned long size, x, y, z, blksize; void *data; LTC_ARGCHK(in != NULL); LTC_ARGCHK(list != NULL); - + /* get blk size */ if (inlen < 2) { return CRYPT_INVALID_PACKET; @@ -50,9 +48,12 @@ } ++x; + /* check if the msb is set, which signals that the + * 7 lsb bits represent the number of bytes of the length + */ if (in[x] < 128) { blksize = in[x++]; - } else if (in[x] & 0x80) { + } else { if (in[x] < 0x81 || in[x] > 0x83) { return CRYPT_INVALID_PACKET; } @@ -68,28 +69,28 @@ while (y--) { blksize = (blksize << 8) | (unsigned long)in[x++]; } - } + } - /* would this blksize overflow? */ - if (x + blksize > inlen) { - return CRYPT_INVALID_PACKET; - } + /* would this blksize overflow? */ + if (x + blksize > inlen) { + return CRYPT_INVALID_PACKET; + } /* mark all as unused */ - for (i = 0; i < outlen; i++) { + for (i = 0; i < (int)outlen; i++) { list[i].used = 0; - } + } - /* ok read data */ + /* ok read data */ inlen = blksize; - for (i = 0; i < outlen; i++) { + for (i = 0; i < (int)outlen; i++) { z = 0; type = list[i].type; size = list[i].size; data = list[i].data; if (!ordered && list[i].used == 1) { continue; } - if (type == LTC_ASN1_EOL) { + if (type == LTC_ASN1_EOL) { break; } @@ -97,13 +98,14 @@ case LTC_ASN1_BOOLEAN: z = inlen; if ((err = der_decode_boolean(in + x, z, ((int *)data))) != CRYPT_OK) { + if (!ordered) { continue; } goto LBL_ERR; } if ((err = der_length_boolean(&z)) != CRYPT_OK) { goto LBL_ERR; - } - break; - + } + break; + case LTC_ASN1_INTEGER: z = inlen; if ((err = der_decode_integer(in + x, z, data)) != CRYPT_OK) { @@ -124,7 +126,7 @@ if ((err = der_length_short_integer(((unsigned long*)data)[0], &z)) != CRYPT_OK) { goto LBL_ERR; } - + break; case LTC_ASN1_BIT_STRING: @@ -139,6 +141,18 @@ } break; + case LTC_ASN1_RAW_BIT_STRING: + z = inlen; + if ((err = der_decode_raw_bit_string(in + x, z, data, &size)) != CRYPT_OK) { + if (!ordered) { continue; } + goto LBL_ERR; + } + list[i].size = size; + if ((err = der_length_bit_string(size, &z)) != CRYPT_OK) { + goto LBL_ERR; + } + break; + case LTC_ASN1_OCTET_STRING: z = inlen; if ((err = der_decode_octet_string(in + x, z, data, &size)) != CRYPT_OK) { @@ -159,7 +173,7 @@ } z = 2; break; - + case LTC_ASN1_OBJECT_IDENTIFIER: z = inlen; if ((err = der_decode_object_identifier(in + x, z, data, &size)) != CRYPT_OK) { @@ -172,6 +186,18 @@ } break; + case LTC_ASN1_TELETEX_STRING: + z = inlen; + if ((err = der_decode_teletex_string(in + x, z, data, &size)) != CRYPT_OK) { + if (!ordered) { continue; } + goto LBL_ERR; + } + list[i].size = size; + if ((err = der_length_teletex_string(data, size, &z)) != CRYPT_OK) { + goto LBL_ERR; + } + break; + case LTC_ASN1_IA5_STRING: z = inlen; if ((err = der_decode_ia5_string(in + x, z, data, &size)) != CRYPT_OK) { @@ -217,6 +243,14 @@ } break; + case LTC_ASN1_GENERALIZEDTIME: + z = inlen; + if ((err = der_decode_generalizedtime(in + x, &z, data)) != CRYPT_OK) { + if (!ordered) { continue; } + goto LBL_ERR; + } + break; + case LTC_ASN1_SET: z = inlen; if ((err = der_decode_set(in + x, z, data, size)) != CRYPT_OK) { @@ -227,7 +261,7 @@ goto LBL_ERR; } break; - + case LTC_ASN1_SETOF: case LTC_ASN1_SEQUENCE: /* detect if we have the right type */ @@ -255,33 +289,40 @@ } break; - default: + case LTC_ASN1_CONSTRUCTED: + case LTC_ASN1_CONTEXT_SPECIFIC: + case LTC_ASN1_EOL: err = CRYPT_INVALID_ARG; goto LBL_ERR; } x += z; inlen -= z; list[i].used = 1; - if (!ordered) { + if (!ordered) { /* restart the decoder */ i = -1; - } + } } - - for (i = 0; i < outlen; i++) { + + for (i = 0; i < (int)outlen; i++) { if (list[i].used == 0) { err = CRYPT_INVALID_PACKET; goto LBL_ERR; } - } - err = CRYPT_OK; + } + + if (inlen == 0) { + err = CRYPT_OK; + } else { + err = CRYPT_INPUT_TOO_LONG; + } LBL_ERR: return err; -} - +} + #endif -/* $Source$ */ -/* $Revision$ */ -/* $Date$ */ +/* ref: $Format:%D$ */ +/* git commit: $Format:%H$ */ +/* commit time: $Format:%ai$ */