libtasn1-commit

[SCM] GNU libtasn1 branch, master, updated. libtasn1_4_9-38-ge4c1c46


From: Nikos Mavrogiannopoulos
Subject: [SCM] GNU libtasn1 branch, master, updated. libtasn1_4_9-38-ge4c1c46
Date: Mon, 16 Jan 2017 16:08:39 +0000 (UTC)

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU libtasn1".

http://git.savannah.gnu.org/cgit/libtasn1.git/commit/?id=e4c1c468fe373fbafc9c0cde04dc58267e47abb3

The branch, master has been updated
       via  e4c1c468fe373fbafc9c0cde04dc58267e47abb3 (commit)
       via  b3f7ecac48fb3b31f3340a745a4a5cfe947ecd82 (commit)
       via  6ec2a27db5dfabb98777d036f095ca4748a96e50 (commit)
       via  30f50fc36e2a5147f0338d1260d495f06e1fa5c8 (commit)
      from  4eddbe86fad990612b5f134b8ba44976be91abfd (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit e4c1c468fe373fbafc9c0cde04dc58267e47abb3
Author: Nikos Mavrogiannopoulos <address@hidden>
Date:   Mon Jan 16 17:08:36 2017 +0100

    doc update

commit b3f7ecac48fb3b31f3340a745a4a5cfe947ecd82
Author: Nikos Mavrogiannopoulos <address@hidden>
Date:   Mon Jan 16 17:05:01 2017 +0100

    asn1_get_length_ber: pass the correct length to _asn1_get_indefinite_length_string
    
    This addresses reading 1-byte past the end of data.
    
    Signed-off-by: Nikos Mavrogiannopoulos <address@hidden>

commit 6ec2a27db5dfabb98777d036f095ca4748a96e50
Author: Nikos Mavrogiannopoulos <address@hidden>
Date:   Mon Jan 16 17:04:35 2017 +0100

    bumped version
    
    Signed-off-by: Nikos Mavrogiannopoulos <address@hidden>

commit 30f50fc36e2a5147f0338d1260d495f06e1fa5c8
Author: Nikos Mavrogiannopoulos <address@hidden>
Date:   Mon Jan 16 14:31:39 2017 +0100

    tests: added additional invalid PKCS#7 structs
    
    These structures cause a read overflow in the heap.
    
    Signed-off-by: Nikos Mavrogiannopoulos <address@hidden>

-----------------------------------------------------------------------

Summary of changes:
 NEWS                              |    4 ++++
 lib/decoding.c                    |    6 +++---
 lib/libtasn1.h                    |    2 +-
 tests/Makefile.am                 |    3 ++-
 tests/invalid-pkcs7/id-000002.der |  Bin 0 -> 797 bytes
 tests/invalid-pkcs7/id-000003.der |  Bin 0 -> 229 bytes
 6 files changed, 10 insertions(+), 5 deletions(-)
 create mode 100644 tests/invalid-pkcs7/id-000002.der
 create mode 100644 tests/invalid-pkcs7/id-000003.der

diff --git a/NEWS b/NEWS
index 8377d96..57d7e7b 100644
--- a/NEWS
+++ b/NEWS
@@ -3,6 +3,10 @@ GNU Libtasn1 NEWS                                     -*- 
outline -*-
 * Noteworthy changes in release 4.10 (unreleased) [stable]
 - Updated gnulib
 - Removed -Werror from default compiler flags
+- Fixed undefined behavior when negating integers in _asn1_ltostr()
+- Pass the correct length to _asn1_get_indefinite_length_string in
+  asn1_get_length_ber. This addresses reading 1-byte past the end
+  of data.
 
 * Noteworthy changes in release 4.9 (released 2016-07-25) [stable]
 - Fixes to OID encoding of OIDs which have elements which exceed 2^32
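Review bot: the added NEWS line "Fixed undefined behavior when negating integers in _asn1_ltostr()" has no matching code change in this push, whose summary touches only lib/decoding.c and lib/libtasn1.h under lib/. If it documents an earlier commit, keeping each NEWS entry in the same commit as its fix would make the entry traceable; the asn1_get_length_ber entry beside it does line up with the decoding.c change below.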
diff --git a/lib/decoding.c b/lib/decoding.c
index 27a02b3..c2e6027 100644
--- a/lib/decoding.c
+++ b/lib/decoding.c
@@ -114,7 +114,7 @@ asn1_get_length_der (const unsigned char *der, int der_len, 
int *len)
       k = der[0] & 0x7F;
       punt = 1;
       if (k)
-       {                       /* definite length method */
+       { /* definite length method */
          ans = 0;
          while (punt <= k && punt < der_len)
            {
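Review bot: the comment re-indent in asn1_get_length_der (`{ /* definite length method */`) is a whitespace-only change riding along with an out-of-bounds read fix, and it leaves this brace formatted differently from the `{ /* indefinite length method */` line in asn1_get_length_ber further down, which keeps the wide spacing. Drop it from this commit or move it to a separate cleanup so the fix stays minimal for anyone backporting it.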
@@ -237,9 +237,9 @@ asn1_get_length_ber (const unsigned char *ber, int ber_len, 
int *len)
   long err;
 
   ret = asn1_get_length_der (ber, ber_len, len);
-  if (ret == -1)
+  if (ret == -1 && ber_len > 1)
     {                          /* indefinite length method */
-      err = _asn1_get_indefinite_length_string (ber + 1, ber_len, &ret);
+      err = _asn1_get_indefinite_length_string (ber + 1, ber_len-1, &ret);
       if (err != ASN1_SUCCESS)
        return -3;
     }
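Review bot: in asn1_get_length_ber, the new guard `ret == -1 && ber_len > 1` skips the indefinite-length branch when ber_len <= 1 but leaves ret at -1, so that input falls through to whatever follows the block with the indefinite-length marker still set. Consider rejecting it explicitly, for example by returning -3 as the failure path just below does, and covering it with a one-byte input in the tests. Style: `ber_len-1` should be `ber_len - 1` to match `ber + 1` on the same line.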
diff --git a/lib/libtasn1.h b/lib/libtasn1.h
index 9a41780..4ad01e7 100644
--- a/lib/libtasn1.h
+++ b/lib/libtasn1.h
@@ -44,7 +44,7 @@ extern "C"
 {
 #endif
 
-#define ASN1_VERSION "4.9"
+#define ASN1_VERSION "4.10"
 
 #if defined(__GNUC__) && !defined(ASN1_INTERNAL_BUILD)
 # define _ASN1_GCC_VERSION (__GNUC__ * 10000 + __GNUC_MINOR__ * 100 + 
__GNUC_PATCHLEVEL__)
diff --git a/tests/Makefile.am b/tests/Makefile.am
index be2aa1c..49b164e 100644
--- a/tests/Makefile.am
+++ b/tests/Makefile.am
@@ -44,7 +44,8 @@ EXTRA_DIST = Test_parser.asn Test_tree.asn 
Test_tree_asn1_tab.c       \
        invalid-x509/id-000030.der invalid-x509/id-000031.der \
        invalid-x509/id-000032.der invalid-x509/id-000033.der \
        invalid-x509/id-000034.der invalid-x509/id-000035.der \
-       invalid-pkcs7/id-000001.der
+       invalid-pkcs7/id-000001.der invalid-pkcs7/id-000002.der \
+       invalid-pkcs7/id-000003.der
 
 # For crlf.
 EXTRA_DIST += crlf.cer crl.der ocsp.der
diff --git a/tests/invalid-pkcs7/id-000002.der 
b/tests/invalid-pkcs7/id-000002.der
new file mode 100644
index 0000000..9c38f9f
Binary files /dev/null and b/tests/invalid-pkcs7/id-000002.der differ
diff --git a/tests/invalid-pkcs7/id-000003.der 
b/tests/invalid-pkcs7/id-000003.der
new file mode 100644
index 0000000..06f6f9c
Binary files /dev/null and b/tests/invalid-pkcs7/id-000003.der differ


hooks/post-receive
-- 
GNU libtasn1
