authorTheodore Tso <tytso@mit.edu>1995-04-13 16:35:42 +0000
committerTheodore Tso <tytso@mit.edu>1995-04-13 16:35:42 +0000
commit73bd684de42505fe4e6a15803ddf074c57db671c (patch)
tree2ba54a91d188f3622a7237bf5a7bf26c92232fd0
parentdc6f3c3836d63a93ff5820aad902e7e76d5eedfb (diff)
asn1_k_decode.c (setup, next_tag, apptag, get_field_body,
get_lenfield_body, asn1_decode_ticket): Use the taglength to determine whether or not the indefinite encoding was used, and if so skip over the termination flag bytes in the ASN.1 stream. asn1buf.c (asn1buf_imbed, asn1buf_remains): Make changes to allow for indefinite encodings. asn1buf_remains() is now only used for decoding structures and arrays (i.e., asn.1 constructs which terminate indefinite encodings with two zero octets. [ Note these fixes to support indefinite encoding aren't terribly clean; some invalid encodings may be accepted when they should not be. This should be looked at in more detail later.] asn1_get.c (asn1_get_tag): Inline original asn1buf_remains() code, since asn1_get_tag doesn't use asn1buf_remains in the context of a structure or an array. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@5353 dc483132-0cff-0310-8789-dd5450dbe970
-rw-r--r--src/lib/krb5/asn.1/ChangeLog23
-rw-r--r--src/lib/krb5/asn.1/asn1_get.c7
-rw-r--r--src/lib/krb5/asn.1/asn1_k_decode.c12
-rw-r--r--src/lib/krb5/asn.1/asn1buf.c29
-rw-r--r--src/lib/krb5/asn.1/asn1buf.h6
5 files changed, 64 insertions, 13 deletions
diff --git a/src/lib/krb5/asn.1/ChangeLog b/src/lib/krb5/asn.1/ChangeLog
index 6bcf12ddbd..8daaad5fc7 100644
--- a/src/lib/krb5/asn.1/ChangeLog
+++ b/src/lib/krb5/asn.1/ChangeLog
@@ -1,3 +1,26 @@
+Wed Mar 22 09:39:55 1995 <tytso@rsx-11.mit.edu>
+
+ * asn1_k_decode.c (setup, next_tag, apptag, get_field_body,
+ get_lenfield_body, asn1_decode_ticket): Use the
+ taglength to determine whether or not the indefinite
+ encoding was used, and if so skip over the termination
+ flag bytes in the ASN.1 stream.
+
+ * asn1buf.c (asn1buf_imbed, asn1buf_remains): Make changes to
+ allow for indefinite encodings. asn1buf_remains() is now
+ only used for decoding structures and arrays (i.e., asn.1
+ constructs which terminate indefinite encodings with two
+ zero octets.
+
+ [ Note these fixes to support indefinite encoding
+ aren't terribly clean; some invalid encodings may
+ be accepted when they should not be. This should be
+ looked at in more detail later.]
+
+ * asn1_get.c (asn1_get_tag): Inline original asn1buf_remains()
+ code, since asn1_get_tag doesn't use asn1buf_remains in
+ the context of a structure or an array.
+
Sat Mar 25 14:12:31 1995 Tom Yu (tlyu@dragons-lair)
* asn1_decode.c: move declaration of gmt_mktime() outside of
diff --git a/src/lib/krb5/asn.1/asn1_get.c b/src/lib/krb5/asn.1/asn1_get.c
index 730d679e0e..3a7e33d756 100644
--- a/src/lib/krb5/asn.1/asn1_get.c
+++ b/src/lib/krb5/asn.1/asn1_get.c
@@ -32,9 +32,10 @@ asn1_error_code INTERFACE asn1_get_tag(buf, class, construction, tagnum, retlen)
{
asn1_error_code retval;
- if(asn1buf_remains(buf) <= 0){
- *tagnum = ASN1_TAGNUM_CEILING;
- return 0;
+ if (buf == NULL || buf->base == NULL ||
+ buf->bound - buf->next + 1 <= 0) {
+ *tagnum = ASN1_TAGNUM_CEILING;
+ return 0;
}
retval = asn1_get_id(buf,class,construction,tagnum);
if(retval) return retval;
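Review bot: The early return at the top of asn1_get_tag writes only `*tagnum` and leaves `*retlen` untouched, while this same commit makes the macros in asn1_k_decode.c pass `&taglen`/`&applen` and branch on `!taglen`. On the exhausted-buffer path the caller therefore keeps a stale or indeterminate length, and that value decides whether a terminator is skipped. State the contract in a comment on the early return, e.g. `/* *retlen is not written here; callers must not test it when *tagnum == ASN1_TAGNUM_CEILING */`, or have the callers check tagnum before consulting the length. A one-line comment explaining that the check is inlined because asn1buf_remains() now consumes octets would also help. The function body continues outside the hunk.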
diff --git a/src/lib/krb5/asn.1/asn1_k_decode.c b/src/lib/krb5/asn.1/asn1_k_decode.c
index 240489891d..0d2566e2d8 100644
--- a/src/lib/krb5/asn.1/asn1_k_decode.c
+++ b/src/lib/krb5/asn.1/asn1_k_decode.c
@@ -31,10 +31,10 @@ asn1_error_code retval;\
asn1_class class;\
asn1_construction construction;\
asn1_tagnum tagnum;\
-int length
+int length,taglen,applen
#define next_tag()\
-retval = asn1_get_tag(&subbuf,&class,&construction,&tagnum,NULL);\
+retval = asn1_get_tag(&subbuf,&class,&construction,&tagnum,&taglen);\
if(retval) return retval;\
if(class != CONTEXT_SPECIFIC || construction != CONSTRUCTED)\
return ASN1_BAD_ID
@@ -45,7 +45,7 @@ if((var) == NULL) return ENOMEM
#define apptag(tagexpect)\
-retval = asn1_get_tag(buf,&class,&construction,&tagnum,NULL);\
+retval = asn1_get_tag(buf,&class,&construction,&tagnum,&applen);\
if(retval) return retval;\
if(class != APPLICATION || construction != CONSTRUCTED ||\
tagnum != (tagexpect)) return ASN1_BAD_ID
@@ -54,6 +54,7 @@ if(class != APPLICATION || construction != CONSTRUCTED ||\
#define get_field_body(var,decoder)\
retval = decoder(&subbuf,&(var));\
if(retval) return retval;\
+if(!taglen) next_tag();\
next_tag()
#define get_field(var,tagexpect,decoder)\
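Review bot: `if(!taglen) next_tag();` guards only the first statement of the macro, because next_tag() expands to an assignment followed by two independent `if` statements; the `if(retval)` and class/construction checks run even when taglen is non-zero. That appears harmless only because retval, class and construction still hold values that already passed, so brace it: `if(!taglen) { next_tag(); }\`. The same line is added to get_lenfield_body in the next hunk. Separately, when taglen is zero the terminator is read through next_tag()'s CONTEXT_SPECIFIC/CONSTRUCTED check; if asn1_get_tag reports end-of-contents octets as a universal primitive tag, this path returns ASN1_BAD_ID, so a test vector with an indefinite-length field is worth adding.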
@@ -70,6 +71,7 @@ else var = optvalue
#define get_lenfield_body(len,var,decoder)\
retval = decoder(&subbuf,&(len),&(var));\
if(retval) return retval;\
+if(!taglen) next_tag();\
next_tag()
#define get_lenfield(len,var,tagexpect,decoder)\
@@ -361,6 +363,10 @@ asn1_error_code INTERFACE asn1_decode_ticket(buf, val)
end_structure();
val->magic = KV5M_TICKET;
}
+ if(!applen) {
+ retval = asn1_get_tag(buf,&class,&construction,&tagnum,NULL);
+ if (retval) return retval;
+ }
cleanup();
}
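Review bot: The tag consumed under `if(!applen)` is never inspected, so any tag is accepted as the terminator of an indefinite-length ticket. So is no tag at all, since asn1_get_tag returns 0 with ASN1_TAGNUM_CEILING on an exhausted buffer. A decoder for authentication data should reject anything but end-of-contents here, e.g. `if (class != UNIVERSAL || construction != PRIMITIVE || tagnum != 0) return ASN1_BAD_ID;` after the retval check, and ideally request the length and require it to be zero. Whether returning before cleanup() releases what was already decoded into val cannot be seen from this hunk, since the function starts outside it.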
diff --git a/src/lib/krb5/asn.1/asn1buf.c b/src/lib/krb5/asn.1/asn1buf.c
index 98aa65f854..e04b0928d6 100644
--- a/src/lib/krb5/asn.1/asn1buf.c
+++ b/src/lib/krb5/asn.1/asn1buf.c
@@ -78,8 +78,12 @@ asn1_error_code INTERFACE asn1buf_imbed(subbuf, buf, length)
const int length;
{
subbuf->base = subbuf->next = buf->next;
- subbuf->bound = subbuf->base + length - 1;
- if(subbuf->bound > buf->bound) return ASN1_OVERRUN;
+ if (length > 0 ) {
+ subbuf->bound = subbuf->base + length - 1;
+ if (subbuf->bound > buf->bound)
+ return ASN1_OVERRUN;
+ } else /* constructed indefinite */
+ subbuf->bound = buf->bound;
return 0;
}
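Review bot: The new `else` branch in asn1buf_imbed treats every non-positive length as constructed-indefinite, so a negative length silently gives the sub-buffer the whole remainder of the parent instead of failing. Reject that case first with `if (length < 0) return ASN1_OVERRUN;`. A definite zero-length element is also indistinguishable from the indefinite form here, so a comment stating that 0 is the indefinite marker would make the contract explicit. The definite branch still forms `subbuf->base + length - 1` before checking it, which can point beyond the parent buffer; comparing `length > buf->bound - buf->next + 1` avoids creating that pointer.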
@@ -194,13 +198,28 @@ asn1_error_code INTERFACE asn1buf_remove_charstring(buf, len, s)
return 0;
}
-int INTERFACE asn1buf_remains(buf)
- const asn1buf * buf;
+int asn1buf_remains(buf)
+ asn1buf *buf;
{
+ int remain;
if(buf == NULL || buf->base == NULL) return 0;
- else return buf->bound - buf->next + 1;
+ remain = buf->bound - buf->next +1;
+ if (remain <= 0) return remain;
+ /*
+ * Two 0 octets means the end of an indefinite encoding.
+ *
+ * XXX Do we need to test to make sure we'er actually doing an
+ * indefinite encoding here?
+ */
+ if ( !*(buf->next) && !*(buf->next + 1)) {
+ /* buf->bound = buf->next + 1; */
+ buf->next += 2;
+ return 0;
+ }
+ else return remain;
}
+
asn1_error_code INTERFACE asn12krb5_buf(buf, code)
const asn1buf * buf;
krb5_data ** code;
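Review bot: The terminator test in asn1buf_remains dereferences `*(buf->next + 1)` whenever `remain` is at least 1, so with exactly one octet left it reads one byte past `buf->bound`. Require two octets before looking: `if (remain >= 2 && !buf->next[0] && !buf->next[1]) {`. As the XXX comment hints, the test also fires inside definite-length data that happens to start with two zero octets, so the buffer needs to record that it is indefinite before consuming them. The definition also drops INTERFACE while the prototype in asn1buf.h keeps it, which may mismatch on builds where INTERFACE expands to a calling-convention keyword.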
diff --git a/src/lib/krb5/asn.1/asn1buf.h b/src/lib/krb5/asn.1/asn1buf.h
index 067bbf6099..0d18f3b7ce 100644
--- a/src/lib/krb5/asn.1/asn1buf.h
+++ b/src/lib/krb5/asn.1/asn1buf.h
@@ -143,8 +143,10 @@ asn1_error_code INTERFACE asn12krb5_buf
int INTERFACE asn1buf_remains
- PROTOTYPE((const asn1buf *buf));
-/* effects Returns the number of unprocessed octets remaining in *buf. */
+ PROTOTYPE((asn1buf *buf));
+/* requires *buf is a buffer containing an asn.1 structure or array
+ modifies *buf
+ effects Returns the number of unprocessed octets remaining in *buf. */
/**************** Private Procedures ****************/
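Review bot: The `effects` line still describes a pure query, but the asn1buf.c side of this commit makes asn1buf_remains return 0 and advance `next` past two zero octets when it finds them. `modifies *buf` alone does not tell a caller that input is consumed. Spell it out, e.g. `effects  Returns the number of unprocessed octets remaining in *buf; if the next two octets are zero, consumes them and returns 0.` It is also worth noting here that code wanting only the count should use the bound/next arithmetic now inlined in asn1_get_tag.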