Blame - skeletons/tests/check-length.c - asn1c

blob: 56ec0db3b38cc5c3ba4455092fd685ccf48ea9a0 [file] [log] [blame]

vlm	5ee0b9b	2004-08-19 16:42:54 +0000	[diff] [blame]	1	#include <ber_decoder.c>
				2	#include <ber_tlv_length.c>
				3	#include <ber_tlv_tag.c>
				4	#include <der_encoder.c>
vlm	9de248e	2004-10-20 15:50:55 +0000	[diff] [blame]	5	#include <xer_decoder.c>
				6	#include <xer_support.c>
vlm	337167e	2005-11-26 11:25:14 +0000	[diff] [blame]	7	#include <per_support.c>
vlm	5ee0b9b	2004-08-19 16:42:54 +0000	[diff] [blame]	8	#include <constraints.c>
				9	#undef ADVANCE
				10	#undef RETURN
				11	#undef LEFT
				12	#include <OCTET_STRING.c>
				13
				14
				15	uint8_t *buf;
				16	size_t buf_size;
				17	size_t buf_off;
				18
				19	static int
				20	write_to_buf(const void buffer, size_t size, void key) {
				21	(void)key;
				22
				23	if(buf_off + size > buf_size) {
				24	size_t n = buf_size?:16;
				25	while(n < buf_off + size) n <<= 2;
				26	buf = realloc(buf, n);
				27	assert(buf);
				28	buf_size = n;
				29	}
				30
				31	memcpy(buf + buf_off, buffer, size);
				32
				33	buf_off += size;
				34	return 0;
				35	}
				36
				37
				38	static void
				39	check(int size) {
				40	OCTET_STRING_t *os;
				41	OCTET_STRING_t *nos = 0;
vlm	170e42c	2006-07-27 11:46:25 +0000	[diff] [blame]	42	OCTET_STRING_t **nosp = &nos;
vlm	39ba4c4	2004-09-22 16:06:28 +0000	[diff] [blame]	43	asn_enc_rval_t erval;
vlm	9de248e	2004-10-20 15:50:55 +0000	[diff] [blame]	44	asn_dec_rval_t rval;
vlm	5ee0b9b	2004-08-19 16:42:54 +0000	[diff] [blame]	45	int i;
				46
vlm	0f1ab76	2004-10-12 05:57:23 +0000	[diff] [blame]	47	os = OCTET_STRING_new_fromBuf(&asn_DEF_OCTET_STRING, 0, size);
vlm	5ee0b9b	2004-08-19 16:42:54 +0000	[diff] [blame]	48	assert(os);
				49	assert(os->size == 0);
				50
				51	os->buf = malloc(size);
				52	assert(os->buf);
				53	os->size = size;
				54
				55	for(i = 0; i < size; i++) {
				56	os->buf[i] = i;
				57	}
				58
				59	buf_off = 0;
vlm	c896456	2004-09-29 13:24:33 +0000	[diff] [blame]	60	erval = der_encode(&asn_DEF_OCTET_STRING,
vlm	5ee0b9b	2004-08-19 16:42:54 +0000	[diff] [blame]	61	os, write_to_buf, 0);
				62	assert(erval.encoded == buf_off);
				63	assert(buf_off > size);
				64
vlm	170e42c	2006-07-27 11:46:25 +0000	[diff] [blame]	65	rval = ber_decode(0, &asn_DEF_OCTET_STRING, (void **)nosp, buf, buf_off);
vlm	5ee0b9b	2004-08-19 16:42:54 +0000	[diff] [blame]	66	assert(rval.code == RC_OK);
				67	assert(rval.consumed == buf_off);
				68
				69	assert(os->size == nos->size);
				70
				71	for(i = 0; i < size; i++) {
				72	assert(os->buf[i] == nos->buf[i]);
				73	}
				74
				75	if(0) {
vlm	0f1ab76	2004-10-12 05:57:23 +0000	[diff] [blame]	76	fprintf(stderr, "new(%d):", size);
vlm	5ee0b9b	2004-08-19 16:42:54 +0000	[diff] [blame]	77	for(i = 0; i < (buf_off<10?buf_off:10); i++)
vlm	0f1ab76	2004-10-12 05:57:23 +0000	[diff] [blame]	78	fprintf(stderr, " %02x", buf[i]);
vlm	5ee0b9b	2004-08-19 16:42:54 +0000	[diff] [blame]	79	printf("\n");
				80	}
				81
				82
vlm	c896456	2004-09-29 13:24:33 +0000	[diff] [blame]	83	asn_DEF_OCTET_STRING.free_struct(&asn_DEF_OCTET_STRING, os, 0);
				84	asn_DEF_OCTET_STRING.free_struct(&asn_DEF_OCTET_STRING, nos, 0);
vlm	5ee0b9b	2004-08-19 16:42:54 +0000	[diff] [blame]	85	}
				86
				87	int
				88	main() {
vlm	c896456	2004-09-29 13:24:33 +0000	[diff] [blame]	89	uint8_t buf1[] = { 0x85, 0x00, 0x01, 0x02, 0x03, 0x04 };
				90	uint8_t buf2[] = { 0x85, 0x00, 0x7f, 0xff, 0x03, 0x04 };
				91	uint8_t buf3[] = { 0x85, 0x00, 0x7f, 0xff, 0xff, 0x04 };
vlm	6c59384	2004-10-26 09:03:31 +0000	[diff] [blame]	92	uint8_t buf4[] = { 0x89, 0x00, 0x7f, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x04 };
vlm	c896456	2004-09-29 13:24:33 +0000	[diff] [blame]	93	ber_tlv_len_t tlv_len;
				94	ssize_t ret;
vlm	5ee0b9b	2004-08-19 16:42:54 +0000	[diff] [blame]	95	int i;
				96
				97	for(i = 0; i < 66000; i++) {
vlm	0f1ab76	2004-10-12 05:57:23 +0000	[diff] [blame]	98	if(i == 4500) i = 64000; /* Jump */
vlm	5ee0b9b	2004-08-19 16:42:54 +0000	[diff] [blame]	99	check(i);
				100	}
				101
vlm	c896456	2004-09-29 13:24:33 +0000	[diff] [blame]	102	ret = ber_fetch_length(0, buf1, sizeof(buf1), &tlv_len);
vlm	899ee7b	2004-10-26 08:02:01 +0000	[diff] [blame]	103	printf("ret=%ld, len=%ld\n", (long)ret, (long)tlv_len);
vlm	c896456	2004-09-29 13:24:33 +0000	[diff] [blame]	104	assert(ret == sizeof(buf1));
vlm	735e461	2006-07-13 09:22:34 +0000	[diff] [blame]	105	assert(tlv_len == 0x01020304);
vlm	c896456	2004-09-29 13:24:33 +0000	[diff] [blame]	106
				107	ret = ber_fetch_length(0, buf2, sizeof(buf2), &tlv_len);
vlm	899ee7b	2004-10-26 08:02:01 +0000	[diff] [blame]	108	printf("ret=%ld, len=%ld\n", (long)ret, (long)tlv_len);
vlm	c896456	2004-09-29 13:24:33 +0000	[diff] [blame]	109	assert(ret == sizeof(buf2));
vlm	735e461	2006-07-13 09:22:34 +0000	[diff] [blame]	110	assert(tlv_len == 0x7fff0304);
vlm	c896456	2004-09-29 13:24:33 +0000	[diff] [blame]	111
vlm	735e461	2006-07-13 09:22:34 +0000	[diff] [blame]	112	/*
				113	* Here although tlv_len is not greater than 2^31,
				114	* we ought to hit an embedded length exploitation preventive check.
				115	*/
vlm	e939576	2006-07-13 12:01:26 +0000	[diff] [blame]	116	printf("sizeof(tlv_len) = %d\n", (int)sizeof(tlv_len));
vlm	735e461	2006-07-13 09:22:34 +0000	[diff] [blame]	117	if(sizeof(tlv_len) <= 4) {
vlm	6c59384	2004-10-26 09:03:31 +0000	[diff] [blame]	118	ret = ber_fetch_length(0, buf3, sizeof(buf3), &tlv_len);
				119	printf("ret=%ld\n", (long)ret);
vlm	2089049	2006-07-27 12:07:34 +0000	[diff] [blame]	120	printf("len=0x%x\n", (unsigned int)tlv_len);
vlm	6c59384	2004-10-26 09:03:31 +0000	[diff] [blame]	121	assert(ret == -1);
vlm	735e461	2006-07-13 09:22:34 +0000	[diff] [blame]	122	}
				123	if(sizeof(tlv_len) <= 8) {
vlm	6c59384	2004-10-26 09:03:31 +0000	[diff] [blame]	124	ret = ber_fetch_length(0, buf4, sizeof(buf4), &tlv_len);
vlm	735e461	2006-07-13 09:22:34 +0000	[diff] [blame]	125	printf("ret=%lld\n", (long long)ret);
vlm	6c59384	2004-10-26 09:03:31 +0000	[diff] [blame]	126	assert(ret == -1);
				127	}
vlm	c896456	2004-09-29 13:24:33 +0000	[diff] [blame]	128
vlm	5ee0b9b	2004-08-19 16:42:54 +0000	[diff] [blame]	129	return 0;
				130	}