mirror of https://gerrit.osmocom.org/asn1c
*** empty log message ***
git-svn-id: https://asn1c.svn.sourceforge.net/svnroot/asn1c/trunk@1114 59561ff5-6e30-0410-9f3c-9617f08c8826
This commit is contained in:
parent
1aeadddd63
commit
735e461d92
|
@ -51,7 +51,6 @@ ber_fetch_length(int _is_constructed, const void *bufptr, size_t size,
|
|||
}
|
||||
|
||||
if(oct == 0) {
|
||||
|
||||
/*
|
||||
* Here length may be very close or equal to 2G.
|
||||
* However, the arithmetics used in some decoders
|
||||
|
@ -59,7 +58,7 @@ ber_fetch_length(int _is_constructed, const void *bufptr, size_t size,
|
|||
* to check the resulting value against some limits.
|
||||
* This may result in integer wrap-around.
|
||||
*/
|
||||
if((len + 1024) < 0) {
|
||||
if((len + 1024) < len - 1024) {
|
||||
/* Too large length value */
|
||||
return -1;
|
||||
}
|
||||
|
|
|
@ -121,11 +121,13 @@ check_REGEN(int *arcs, int acount) {
|
|||
int ret;
|
||||
int i;
|
||||
|
||||
fprintf(stderr, "Encoding (R) {");
|
||||
for(i = 0; i < acount; i++) {
|
||||
fprintf(stderr, " %u", arcs[i]);
|
||||
if(0) {
|
||||
fprintf(stderr, "Encoding (R) {");
|
||||
for(i = 0; i < acount; i++) {
|
||||
fprintf(stderr, " %u", arcs[i]);
|
||||
}
|
||||
fprintf(stderr, " }\n");
|
||||
}
|
||||
fprintf(stderr, " }\n");
|
||||
|
||||
ret = RELATIVE_OID_set_arcs(&oid, arcs, sizeof(arcs[0]), acount);
|
||||
assert(ret == 0);
|
||||
|
@ -137,12 +139,15 @@ check_REGEN(int *arcs, int acount) {
|
|||
assert(alen <= tmp_alen);
|
||||
assert(alen == acount);
|
||||
|
||||
fprintf(stderr, "Encoded (R) { ");
|
||||
for(i = 0; i < alen; i++) {
|
||||
fprintf(stderr, "%lu ", tmp_arcs[i]); fflush(stdout);
|
||||
assert(arcs[i] == (int)tmp_arcs[i]);
|
||||
if(0) {
|
||||
fprintf(stderr, "Encoded (R) { ");
|
||||
for(i = 0; i < alen; i++) {
|
||||
fprintf(stderr, "%lu ", tmp_arcs[i]); fflush(stdout);
|
||||
assert(arcs[i] == (int)tmp_arcs[i]);
|
||||
}
|
||||
fprintf(stderr, "}\n");
|
||||
}
|
||||
fprintf(stderr, "}\n");
|
||||
|
||||
}
|
||||
|
||||
/*
|
||||
|
@ -158,11 +163,13 @@ check_REGEN_OID(int *arcs, int acount) {
|
|||
int ret;
|
||||
int i;
|
||||
|
||||
fprintf(stderr, "Encoding (O) {");
|
||||
for(i = 0; i < acount; i++) {
|
||||
fprintf(stderr, " %u", arcs[i]);
|
||||
if(0) {
|
||||
fprintf(stderr, "Encoding (O) {");
|
||||
for(i = 0; i < acount; i++) {
|
||||
fprintf(stderr, " %u", arcs[i]);
|
||||
}
|
||||
fprintf(stderr, " }\n");
|
||||
}
|
||||
fprintf(stderr, " }\n");
|
||||
|
||||
ret = OBJECT_IDENTIFIER_set_arcs(&oid, arcs, sizeof(arcs[0]), acount);
|
||||
assert(ret == 0);
|
||||
|
@ -174,14 +181,15 @@ check_REGEN_OID(int *arcs, int acount) {
|
|||
assert(alen <= tmp_alen);
|
||||
assert(alen == acount);
|
||||
|
||||
fprintf(stderr, "Encoded (O) { ");
|
||||
for(i = 0; i < alen; i++) {
|
||||
fprintf(stderr, "%lu ", tmp_arcs[i]); fflush(stdout);
|
||||
assert(arcs[i] == (int)tmp_arcs[i]);
|
||||
if(0) {
|
||||
fprintf(stderr, "Encoded (O) { ");
|
||||
for(i = 0; i < alen; i++) {
|
||||
fprintf(stderr, "%lu ", tmp_arcs[i]); fflush(stdout);
|
||||
assert(arcs[i] == (int)tmp_arcs[i]);
|
||||
}
|
||||
fprintf(stderr, "}\n");
|
||||
}
|
||||
fprintf(stderr, "}\n");
|
||||
}
|
||||
|
||||
static int
|
||||
check_speed() {
|
||||
uint8_t buf[] = { 0x80 | 7, 0x80 | 2, 0x80 | 3, 0x80 | 4, 13 };
|
||||
|
|
|
@ -101,18 +101,25 @@ main() {
|
|||
ret = ber_fetch_length(0, buf1, sizeof(buf1), &tlv_len);
|
||||
printf("ret=%ld, len=%ld\n", (long)ret, (long)tlv_len);
|
||||
assert(ret == sizeof(buf1));
|
||||
assert(tlv_len == 0x01020304);
|
||||
|
||||
ret = ber_fetch_length(0, buf2, sizeof(buf2), &tlv_len);
|
||||
printf("ret=%ld, len=%ld\n", (long)ret, (long)tlv_len);
|
||||
assert(ret == sizeof(buf2));
|
||||
assert(tlv_len == 0x7fff0304);
|
||||
|
||||
if(sizeof(tlv_len) == 4) {
|
||||
/*
|
||||
* Here although tlv_len is not greater than 2^31,
|
||||
* we ought to hit an embedded length exploitation preventive check.
|
||||
*/
|
||||
if(sizeof(tlv_len) <= 4) {
|
||||
ret = ber_fetch_length(0, buf3, sizeof(buf3), &tlv_len);
|
||||
printf("ret=%ld\n", (long)ret);
|
||||
assert(ret == -1);
|
||||
} else if(sizeof(tlv_len) == 8) {
|
||||
}
|
||||
if(sizeof(tlv_len) <= 8) {
|
||||
ret = ber_fetch_length(0, buf4, sizeof(buf4), &tlv_len);
|
||||
printf("ret=%ld\n", (long)ret);
|
||||
printf("ret=%lld\n", (long long)ret);
|
||||
assert(ret == -1);
|
||||
}
|
||||
|
||||
|
|
Loading…
Reference in New Issue