diff options
author | Björn Gustavsson <[email protected]> | 2014-10-20 11:51:14 +0200 |
---|---|---|
committer | Björn Gustavsson <[email protected]> | 2014-10-20 11:51:14 +0200 |
commit | 4f4f0681a030c6aac3b763def0ee2d37421e4f40 (patch) | |
tree | d46855e45c442286e885f76d8ee85ab3b3db870b | |
parent | 98baee7ecca0ad0794560d455a1bb0e5f9c5cb40 (diff) | |
parent | 62bab9a7a2adbe3f1b7960a35d7dab1d7119c639 (diff) | |
download | otp-4f4f0681a030c6aac3b763def0ee2d37421e4f40.tar.gz otp-4f4f0681a030c6aac3b763def0ee2d37421e4f40.tar.bz2 otp-4f4f0681a030c6aac3b763def0ee2d37421e4f40.zip |
Merge branch 'bjorn/asn1/primitive-indefinite-length/OTP-12205' into maint
* bjorn/asn1/primitive-indefinite-length/OTP-12205:
BER decoding: Don't allow primitives with indefinite lengths
-rw-r--r-- | lib/asn1/c_src/asn1_erl_nif.c | 2 | ||||
-rw-r--r-- | lib/asn1/test/asn1_SUITE_data/Constructed.asn | 6 | ||||
-rw-r--r-- | lib/asn1/test/ber_decode_error.erl | 4 |
3 files changed, 8 insertions, 4 deletions
diff --git a/lib/asn1/c_src/asn1_erl_nif.c b/lib/asn1/c_src/asn1_erl_nif.c index 53e3aa1678..317a464060 100644 --- a/lib/asn1/c_src/asn1_erl_nif.c +++ b/lib/asn1/c_src/asn1_erl_nif.c @@ -949,7 +949,7 @@ static int ber_decode_value(ErlNifEnv* env, ERL_NIF_TERM *value, unsigned char * } else if (in_buf[*ib_index] == ASN1_INDEFINITE_LENGTH) { (*ib_index)++; curr_head = enif_make_list(env, 0); - if (*ib_index+1 >= in_buf_len) { + if (*ib_index+1 >= in_buf_len || form == ASN1_PRIMITIVE) { return ASN1_INDEF_LEN_ERROR; } while (!(in_buf[*ib_index] == 0 && in_buf[*ib_index + 1] == 0)) { diff --git a/lib/asn1/test/asn1_SUITE_data/Constructed.asn b/lib/asn1/test/asn1_SUITE_data/Constructed.asn index 09a66d0c0d..bd49741726 100644 --- a/lib/asn1/test/asn1_SUITE_data/Constructed.asn +++ b/lib/asn1/test/asn1_SUITE_data/Constructed.asn @@ -1,6 +1,3 @@ - - - Constructed DEFINITIONS ::= BEGIN @@ -20,4 +17,7 @@ C ::= CHOICE { S3 ::= SEQUENCE {i INTEGER} S3ext ::= SEQUENCE {i INTEGER, ...} + +OS ::= OCTET STRING + END diff --git a/lib/asn1/test/ber_decode_error.erl b/lib/asn1/test/ber_decode_error.erl index 6fd2450c62..ef11717c45 100644 --- a/lib/asn1/test/ber_decode_error.erl +++ b/lib/asn1/test/ber_decode_error.erl @@ -61,6 +61,10 @@ run([]) -> (catch 'Constructed':decode('S', sub(<<40,16#80,1,1,255,0,0>>, 6))), {error,{asn1,{invalid_length,_}}} = (catch 'Constructed':decode('S', sub(<<40,16#80,1,1,255,0,0>>, 5))), + + %% A primitive must not be encoded with an indefinite length. + {error,{asn1,{invalid_length,_}}} = + (catch 'Constructed':decode('OS', <<4,128,4,3,97,98,99,0,0>>)), ok. sub(Bin, Bytes) -> |