
[SCM] GNU libtasn1 branch, master, updated. libtasn1_4_9-27-gc14455b


From: Nikos Mavrogiannopoulos
Subject: [SCM] GNU libtasn1 branch, master, updated. libtasn1_4_9-27-gc14455b
Date: Fri, 13 Jan 2017 11:00:19 +0000 (UTC)

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU libtasn1".

http://git.savannah.gnu.org/cgit/libtasn1.git/commit/?id=c14455b2d72e248190e8f13810e0aa25a36166af

The branch, master has been updated
       via  c14455b2d72e248190e8f13810e0aa25a36166af (commit)
       via  d3fd77835c069f1dacce0bb665af5db4155f125c (commit)
       via  01858b543efd4eb15a7fff2ca5841a387177108b (commit)
      from  1bce4ce6dffa81532e065e60a6df5b91d037f68e (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit c14455b2d72e248190e8f13810e0aa25a36166af
Author: Nikos Mavrogiannopoulos <address@hidden>
Date:   Fri Jan 13 11:56:51 2017 +0100

    _asn1_ltostr: ensure that input value will always be printed
    
    That is, use an unsigned type to store the output of the negation
    (in case the input is negative).
    
    This addresses the issue found in PKCS#7 decoding:
    https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=388
    
    Signed-off-by: Nikos Mavrogiannopoulos <address@hidden>

commit d3fd77835c069f1dacce0bb665af5db4155f125c
Author: Nikos Mavrogiannopoulos <address@hidden>
Date:   Fri Jan 13 11:33:54 2017 +0100

    tests: added invalid PKCS#7 struct checks
    
    The added struct causes an integer overflow.

commit 01858b543efd4eb15a7fff2ca5841a387177108b
Author: Nikos Mavrogiannopoulos <address@hidden>
Date:   Fri Jan 13 11:36:47 2017 +0100

    decoding-invalid-x509: output log on error

-----------------------------------------------------------------------

Summary of changes:
 lib/parser_aux.c                  |   18 ++++++-----
 tests/Makefile.am                 |    6 ++--
 tests/coding-long-oid.c           |    2 +-
 tests/decoding-invalid-x509       |    7 +++--
 tests/invalid-pkcs7/id-000001.der |  Bin 0 -> 5375 bytes
 tests/pkix.asn                    |   63 ++++++++++++++++++++-----------------
 6 files changed, 56 insertions(+), 40 deletions(-)
 create mode 100644 tests/invalid-pkcs7/id-000001.der

diff --git a/lib/parser_aux.c b/lib/parser_aux.c
index cfd76e0..7313eeb 100644
--- a/lib/parser_aux.c
+++ b/lib/parser_aux.c
@@ -551,29 +551,33 @@ _asn1_delete_list_and_nodes (void)
 char *
 _asn1_ltostr (int64_t v, char str[LTOSTR_MAX_SIZE])
 {
-  int64_t d, r;
+  uint64_t d, r;
   char temp[LTOSTR_MAX_SIZE];
   int count, k, start;
+  uint64_t val;
 
   if (v < 0)
     {
       str[0] = '-';
       start = 1;
-      v = -v;
+      val = -v;
     }
   else
-    start = 0;
+    {
+      val = v;
+      start = 0;
+    }
 
   count = 0;
   do
     {
-      d = v / 10;
-      r = v - d * 10;
+      d = val / 10;
+      r = val - d * 10;
       temp[start + count] = '0' + (char) r;
       count++;
-      v = d;
+      val = d;
     }
-  while (v && ((start+count) < LTOSTR_MAX_SIZE-1));
+  while (val && ((start+count) < LTOSTR_MAX_SIZE-1));
 
   for (k = 0; k < count; k++)
     str[k + start] = temp[start + count - k - 1];
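Review bot: The negation in the negative branch is still performed in the signed type: `v` is `int64_t`, so `-v` is evaluated as `int64_t` and only then converted for storage in `val`. For `v == INT64_MIN` that negation overflows, which is undefined behaviour, so the smallest input is still not guaranteed to print. Converting before negating makes the operation well defined modulo 2^64: `val = -(uint64_t) v;`. The function's terminator and return lie outside this hunk, so the rest of `_asn1_ltostr` is not visible here; a test that passes `INT64_MIN` would pin the intended output.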
diff --git a/tests/Makefile.am b/tests/Makefile.am
index 0d8fcb1..537acaf 100644
--- a/tests/Makefile.am
+++ b/tests/Makefile.am
@@ -43,11 +43,13 @@ EXTRA_DIST = Test_parser.asn Test_tree.asn 
Test_tree_asn1_tab.c     \
        invalid-x509/id-000028.der invalid-x509/id-000029.der \
        invalid-x509/id-000030.der invalid-x509/id-000031.der \
        invalid-x509/id-000032.der invalid-x509/id-000033.der \
-       invalid-x509/id-000034.der invalid-x509/id-000035.der
+       invalid-x509/id-000034.der invalid-x509/id-000035.der \
+       invalid-pkcs7/id-000001.der
 
 # For crlf.
 EXTRA_DIST += crlf.cer crl.der ocsp.der
-dist_check_SCRIPTS = crlf benchmark threadsafety decoding decoding-invalid-x509
+dist_check_SCRIPTS = crlf benchmark threadsafety decoding 
decoding-invalid-x509 \
+       decoding-invalid-pkcs7
 
 MOSTLYCLEANFILES = Test_parser_ERROR.asn
 
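Review bot: `decoding-invalid-pkcs7` is added to `dist_check_SCRIPTS`, but the summary of changes for this push does not create `tests/decoding-invalid-pkcs7`; the only new file is `tests/invalid-pkcs7/id-000001.der`. Unless the script already exists in the tree, `make check` and `make dist` will fail on the missing file, and no test will exercise the new fuzzer-found input. The script should be added in the same commit as this list entry.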
diff --git a/tests/coding-long-oid.c b/tests/coding-long-oid.c
index bc2cd56..6031cf2 100644
--- a/tests/coding-long-oid.c
+++ b/tests/coding-long-oid.c
@@ -159,7 +159,7 @@ main (int argc, char** argv)
   result = asn1_parser2tree (pkixfile, &definitions, errorDescription);
   if (result != ASN1_SUCCESS)
     {
-      printf ("error in %d\n", __LINE__);
+      printf ("error in %d: %s\n", __LINE__, errorDescription);
       exit (1);
     }
 
diff --git a/tests/decoding-invalid-x509 b/tests/decoding-invalid-x509
index 01d9cb0..904cda7 100755
--- a/tests/decoding-invalid-x509
+++ b/tests/decoding-invalid-x509
@@ -20,7 +20,7 @@ srcdir="${srcdir:-.}"
 if ! test -z "${VALGRIND}";then
 VALGRIND="${LIBTOOL:-libtool} --mode=execute ${VALGRIND} --error-exitcode=7 
--leak-check=no"
 fi
-
+TMPFILE=decoding-invalid.$$.tmp
 ASN1DECODING="${ASN1DECODING:-../src/asn1Decoding$EXEEXT}"
 ASN1PKIX="${ASN1PKIX:-pkix.asn}"
 
@@ -28,13 +28,16 @@ ASN1PKIX="${ASN1PKIX:-pkix.asn}"
 # to certain libtasn1 versions.
 
 for i in "${srcdir}/invalid-x509/"*.der;do
-$VALGRIND $ASN1DECODING "$ASN1PKIX" "$i" PKIX1.Certificate >/dev/null 2>&1
+$VALGRIND $ASN1DECODING "$ASN1PKIX" "$i" PKIX1.Certificate >$TMPFILE 2>&1
 ret=$?
 if test $ret != 1;then
        echo "Decoding failed for $i"
+       cat $TMPFILE
        exit 1
 fi
 echo "$(basename $i): ok"
 done
 
+rm -f $TMPFILE
+
 exit 0
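Review bot: The failure branch runs `cat $TMPFILE` and then `exit 1`, so the `rm -f $TMPFILE` added after the loop is reached only when every input passes. A failing run therefore leaves `decoding-invalid.$$.tmp` behind in the working directory. A trap placed right after the `TMPFILE=` assignment in the earlier hunk would cover both exits: `trap 'rm -f "$TMPFILE"' EXIT`. The expansions of `$TMPFILE` are also unquoted; `"$TMPFILE"` is the safer form in the redirect, the `cat` and the `rm`.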
diff --git a/tests/invalid-pkcs7/id-000001.der 
b/tests/invalid-pkcs7/id-000001.der
new file mode 100644
index 0000000..6c91a25
Binary files /dev/null and b/tests/invalid-pkcs7/id-000001.der differ
diff --git a/tests/pkix.asn b/tests/pkix.asn
index f5dc6b9..efdf95e 100644
--- a/tests/pkix.asn
+++ b/tests/pkix.asn
@@ -934,36 +934,31 @@ ub-x121-address-length INTEGER ::= 16
 -- Cryptographic Message Syntax
 
 pkcs-7-ContentInfo ::= SEQUENCE {
-  contentType pkcs-7-ContentType,
+  contentType OBJECT IDENTIFIER,
   content [0] EXPLICIT ANY DEFINED BY contentType }
 
 pkcs-7-DigestInfo ::= SEQUENCE {
-  digestAlgorithm pkcs-7-DigestAlgorithmIdentifier,
-  digest pkcs-7-Digest
+  digestAlgorithm AlgorithmIdentifier,
+  digest OCTET STRING 
 }
 
-pkcs-7-Digest ::= OCTET STRING
-
-pkcs-7-ContentType ::= OBJECT IDENTIFIER
-
 pkcs-7-SignedData ::= SEQUENCE {
-  version pkcs-7-CMSVersion,
+  version INTEGER,
   digestAlgorithms pkcs-7-DigestAlgorithmIdentifiers,
   encapContentInfo pkcs-7-EncapsulatedContentInfo,
   certificates [0] IMPLICIT pkcs-7-CertificateSet OPTIONAL,
   crls [1] IMPLICIT pkcs-7-CertificateRevocationLists OPTIONAL,
-  signerInfos pkcs-7-SignerInfos
+  signerInfos pkcs-7-SignerInfos 
 }
 
-pkcs-7-CMSVersion ::= INTEGER  { v0(0), v1(1), v2(2), v3(3), v4(4) }
+pkcs-7-DigestAlgorithmIdentifiers ::= SET OF AlgorithmIdentifier
 
-pkcs-7-DigestAlgorithmIdentifiers ::= SET OF pkcs-7-DigestAlgorithmIdentifier
-
-pkcs-7-DigestAlgorithmIdentifier ::= AlgorithmIdentifier
+-- rfc5652: eContent [0] EXPLICIT OCTET STRING OPTIONAL
+-- rfc2315: content [0] EXPLICIT ANY DEFINED BY contentType OPTIONAL
 
 pkcs-7-EncapsulatedContentInfo ::= SEQUENCE {
-  eContentType pkcs-7-ContentType,
-  eContent [0] EXPLICIT OCTET STRING OPTIONAL }
+  eContentType OBJECT IDENTIFIER,
+  eContent [0] EXPLICIT ANY OPTIONAL }
 
 -- We don't use CertificateList here since we only want
 -- to read the raw data.
@@ -978,8 +973,28 @@ pkcs-7-CertificateChoices ::= CHOICE {
 
 pkcs-7-CertificateSet ::= SET OF pkcs-7-CertificateChoices
 
-pkcs-7-SignerInfos ::= SET OF ANY -- this is not correct but we don't use it
- -- anyway
+IssuerAndSerialNumber ::= SEQUENCE {
+       issuer Name,
+       serialNumber CertificateSerialNumber
+}
+
+pkcs-7-SignerInfo ::= SEQUENCE {
+     version INTEGER,
+     sid SignerIdentifier,
+     digestAlgorithm AlgorithmIdentifier,
+     signedAttrs [0] IMPLICIT SignedAttributes OPTIONAL,
+     signatureAlgorithm AlgorithmIdentifier,
+     signature OCTET STRING,
+     unsignedAttrs [1] IMPLICIT SignedAttributes OPTIONAL }
+
+SignedAttributes ::= SET SIZE (1..MAX) OF Attribute
+
+SignerIdentifier ::= CHOICE {
+       issuerAndSerialNumber IssuerAndSerialNumber,
+       subjectKeyIdentifier [0] SubjectKeyIdentifier
+}
+
+pkcs-7-SignerInfos ::= SET OF pkcs-7-SignerInfo
 
 
 -- BEGIN of RFC2986
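Review bot: `subjectKeyIdentifier [0] SubjectKeyIdentifier` in `SignerIdentifier` is the only tagged field added in this hunk without an explicit tagging mode; `signedAttrs` and `unsignedAttrs` both spell out `IMPLICIT`. Whether the bare `[0]` is implicit depends on the module's tagging default, which is outside this hunk, so `subjectKeyIdentifier [0] IMPLICIT SubjectKeyIdentifier` would make the intended encoding unambiguous. `unsignedAttrs` also reuses `SignedAttributes`; a one-line comment such as `-- unsigned attributes have the same shape as SignedAttributes` would show that the reuse is deliberate.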
@@ -1158,28 +1173,20 @@ pkcs-12-PKCS12Attribute ::= Attribute
 
 -- PKCS #7 stuff (needed in PKCS 12)
 
-pkcs-7-data OBJECT IDENTIFIER ::= { iso(1) member-body(2)
-    us(840) rsadsi(113549) pkcs(1) pkcs7(7) 1 }
-
-pkcs-7-encryptedData OBJECT IDENTIFIER ::= { iso(1) member-body(2)
-    us(840) rsadsi(113549) pkcs(1) pkcs7(7) 6 }
-
 pkcs-7-Data ::= OCTET STRING
 
 pkcs-7-EncryptedData ::= SEQUENCE {
-    version pkcs-7-CMSVersion,
+    version INTEGER,
     encryptedContentInfo pkcs-7-EncryptedContentInfo,
     unprotectedAttrs [1] IMPLICIT pkcs-7-UnprotectedAttributes OPTIONAL }
 
 pkcs-7-EncryptedContentInfo ::= SEQUENCE {
-    contentType pkcs-7-ContentType,
+    contentType OBJECT IDENTIFIER,
     contentEncryptionAlgorithm pkcs-7-ContentEncryptionAlgorithmIdentifier,
-    encryptedContent [0] IMPLICIT pkcs-7-EncryptedContent OPTIONAL }
+    encryptedContent [0] IMPLICIT OCTET STRING OPTIONAL }
 
 pkcs-7-ContentEncryptionAlgorithmIdentifier ::= AlgorithmIdentifier
 
-pkcs-7-EncryptedContent ::= OCTET STRING
-
 pkcs-7-UnprotectedAttributes ::= SET SIZE (1..MAX) OF Attribute
 
 -- LDAP stuff


hooks/post-receive
-- 
GNU libtasn1


