X509AF: ensure that BER dissector successfully decoded a bit string before calling RSA Public Key dissection

Bug: 11612 Change-Id: Ia1279b5991604631241398ab19f0652e36a2114e Reviewed-on: https://code.wireshark.org/review/11144 Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com> Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org> Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
2015-10-19 14:23:12 +02:00 · 2015-10-19 14:23:12 +02:00 · 71b3d384cf
parent e8a37694ce
commit 71b3d384cf
2 changed files with 6 additions and 6 deletions
--- a/asn1/x509af/x509af.cnf
+++ b/asn1/x509af/x509af.cnf
@ -88,7 +88,7 @@ CertificateList/signedCertificateList/revokedCertificates/_item/userCertificate
 #.END

 #.FN_BODY SubjectPublicKeyInfo/subjectPublicKey
-  tvbuff_t *bs_tvb;
+  tvbuff_t *bs_tvb = NULL;
 # proto_tree *subtree;

  dissect_ber_bitstring(FALSE, actx, NULL, tvb, offset,
@ -96,15 +96,15 @@ CertificateList/signedCertificateList/revokedCertificates/_item/userCertificate

  /* See RFC 3279 for possible subjectPublicKey values given an Algorithm ID.
   * The contents of subjectPublicKey are always explicitly tagged. */
-  if (!g_strcmp0(algorithm_id, "1.2.840.113549.1.1.1")) { /* id-rsa */
+  if (bs_tvb && !g_strcmp0(algorithm_id, "1.2.840.113549.1.1.1")) { /* id-rsa */
    offset += dissect_pkcs1_RSAPublicKey(FALSE, bs_tvb, 0, actx, tree, hf_index);

 # TODO: PKCS#1 only defines RSA; DH and DSA are from PKIX1Algorithms2008
-# } else if (!g_strcmp0(algorithm_id, "1.2.840.10040.4.1")) { /* id-dsa */
+# } else if (bs_tvb && !g_strcmp0(algorithm_id, "1.2.840.10040.4.1")) { /* id-dsa */
 #   subtree = proto_item_add_subtree(actx->created_item, ett_subjectpublickey);
 #   offset += dissect_DSAPublicKey(FALSE, bs_tvb, 0, actx, subtree, hf_dsa_y);
 #
-# } else if (!g_strcmp0(algorithm_id, "1.2.840.10046.2.1")) { /* dhpublicnumber */
+# } else if (bs_tvb && !g_strcmp0(algorithm_id, "1.2.840.10046.2.1")) { /* dhpublicnumber */
 #   subtree = proto_item_add_subtree(actx->created_item, ett_subjectpublickey);
 #   offset += dissect_DHPublicKey(FALSE, bs_tvb, 0, actx, subtree, hf_dh_y);
 #
--- a/epan/dissectors/packet-x509af.c
+++ b/epan/dissectors/packet-x509af.c
@ -350,14 +350,14 @@ dissect_x509af_SubjectName(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int off
 static int
 dissect_x509af_T_subjectPublicKey(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
 #line 91 "../../asn1/x509af/x509af.cnf"
-  tvbuff_t *bs_tvb;
+  tvbuff_t *bs_tvb = NULL;

  dissect_ber_bitstring(FALSE, actx, NULL, tvb, offset,
                        NULL, -1, -1, &bs_tvb);

  /* See RFC 3279 for possible subjectPublicKey values given an Algorithm ID.
   * The contents of subjectPublicKey are always explicitly tagged. */
-  if (!g_strcmp0(algorithm_id, "1.2.840.113549.1.1.1")) { /* id-rsa */
+  if (bs_tvb && !g_strcmp0(algorithm_id, "1.2.840.113549.1.1.1")) { /* id-rsa */
    offset += dissect_pkcs1_RSAPublicKey(FALSE, bs_tvb, 0, actx, tree, hf_index);

  } else {