Gitiles
Code Review Sign In
gerrit.osmocom.org / asn1c / f8b6e73a051b1f241cb3b4a50350803f09af79c6 / . / tests / tests-skeletons / check-length.c
blob: 1281f245f2f04f45c8e7aff28ab8b6e41e60d14d [file] [log] [blame]
Lev Walkin4eceeba2007-07-23 06:48:26 +0000[diff] [blame]1#include <stdio.h>
2#include <assert.h>
Lev Walkincb90bfc2004-08-19 16:42:54 +0000[diff] [blame]3
Lev Walkin4eceeba2007-07-23 06:48:26 +0000[diff] [blame]4#include <asn_internal.h>
5#include <ber_decoder.h>
6#include <OCTET_STRING.h>
7#include <ber_tlv_length.h>
8#include <ber_tlv_tag.h>
Lev Walkincb90bfc2004-08-19 16:42:54 +0000[diff] [blame]9
10uint8_t *buf;
11size_t buf_size;
12size_t buf_off;
13
14static int
15write_to_buf(const void *buffer, size_t size, void *key) {
16 (void)key;
17
18 if(buf_off + size > buf_size) {
19 size_t n = buf_size?:16;
20 while(n < buf_off + size) n <<= 2;
21 buf = realloc(buf, n);
22 assert(buf);
23 buf_size = n;
24 }
25
26 memcpy(buf + buf_off, buffer, size);
27
28 buf_off += size;
29 return 0;
30}
31
32
33static void
Lev Walkin97363482016-01-24 19:23:02 -0800[diff] [blame]34check(size_t size) {
Lev Walkincb90bfc2004-08-19 16:42:54 +0000[diff] [blame]35 OCTET_STRING_t *os;
36 OCTET_STRING_t *nos = 0;
Lev Walkinb1919382006-07-27 11:46:25 +0000[diff] [blame]37 OCTET_STRING_t **nosp = &nos;
Lev Walkina9cc46e2004-09-22 16:06:28 +0000[diff] [blame]38 asn_enc_rval_t erval;
Lev Walkindc06f6b2004-10-20 15:50:55 +0000[diff] [blame]39 asn_dec_rval_t rval;
Lev Walkincb90bfc2004-08-19 16:42:54 +0000[diff] [blame]40
Lev Walkinbbd93252004-10-12 05:57:23 +0000[diff] [blame]41 os = OCTET_STRING_new_fromBuf(&asn_DEF_OCTET_STRING, 0, size);
Lev Walkincb90bfc2004-08-19 16:42:54 +0000[diff] [blame]42 assert(os);
43 assert(os->size == 0);
44
45 os->buf = malloc(size);
46 assert(os->buf);
47 os->size = size;
48
Lev Walkin97363482016-01-24 19:23:02 -0800[diff] [blame]49 for(size_t i = 0; i < size; i++) {
Lev Walkincb90bfc2004-08-19 16:42:54 +0000[diff] [blame]50 os->buf[i] = i;
51 }
52
53 buf_off = 0;
Lev Walkin27d70492004-09-29 13:24:33 +0000[diff] [blame]54 erval = der_encode(&asn_DEF_OCTET_STRING,
Lev Walkincb90bfc2004-08-19 16:42:54 +0000[diff] [blame]55 os, write_to_buf, 0);
Lev Walkin97363482016-01-24 19:23:02 -0800[diff] [blame]56 assert(erval.encoded >= 0 && (size_t)erval.encoded == buf_off);
Lev Walkincb90bfc2004-08-19 16:42:54 +0000[diff] [blame]57 assert(buf_off > size);
58
Lev Walkinb1919382006-07-27 11:46:25 +0000[diff] [blame]59 rval = ber_decode(0, &asn_DEF_OCTET_STRING, (void **)nosp, buf, buf_off);
Lev Walkincb90bfc2004-08-19 16:42:54 +0000[diff] [blame]60 assert(rval.code == RC_OK);
61 assert(rval.consumed == buf_off);
62
63 assert(os->size == nos->size);
64
Lev Walkin97363482016-01-24 19:23:02 -0800[diff] [blame]65 for(size_t i = 0; i < size; i++) {
Lev Walkincb90bfc2004-08-19 16:42:54 +0000[diff] [blame]66 assert(os->buf[i] == nos->buf[i]);
67 }
68
69 if(0) {
Lev Walkin97363482016-01-24 19:23:02 -0800[diff] [blame]70 fprintf(stderr, "new(%zd):", size);
71 for(size_t i = 0; i < (buf_off<10?buf_off:10); i++)
Lev Walkinbbd93252004-10-12 05:57:23 +0000[diff] [blame]72 fprintf(stderr, " %02x", buf[i]);
Lev Walkincb90bfc2004-08-19 16:42:54 +0000[diff] [blame]73 printf("\n");
74 }
75
76
Bi-Ruei, Chiu1f87ac02017-08-20 01:25:45 +0800[diff] [blame]77 ASN_STRUCT_FREE(asn_DEF_OCTET_STRING, os);
78 ASN_STRUCT_FREE(asn_DEF_OCTET_STRING, nos);
Lev Walkincb90bfc2004-08-19 16:42:54 +0000[diff] [blame]79}
80
81int
82main() {
Lev Walkin6cbed3d2017-10-07 16:42:41 -0700[diff] [blame]83 uint8_t buf1[] = {0x85, 0x00, 0x01, 0x02, 0x03, 0x04};
84 uint8_t buf2[] = {0x85, 0x00, 0x7f, 0xff, 0x03, 0x04};
85 uint8_t buf3[] = {0x85, 0x00, 0x7f, 0xff, 0xff, 0x04};
86 uint8_t buf4[] = {0x89, 0x00, 0x7f, 0xff, 0xff,
87 0xff, 0xff, 0xff, 0xff, 0x04};
88 ber_tlv_len_t tlv_len;
89 ssize_t ret;
Lev Walkincb90bfc2004-08-19 16:42:54 +0000[diff] [blame]90
Lev Walkin6cbed3d2017-10-07 16:42:41 -0700[diff] [blame]91 for(size_t i = 0; i < 66000; i++) {
92 if(i == 4500) i = 64000; /* Jump */
93 check(i);
94 }
Lev Walkincb90bfc2004-08-19 16:42:54 +0000[diff] [blame]95
Lev Walkin6cbed3d2017-10-07 16:42:41 -0700[diff] [blame]96 ret = ber_fetch_length(0, buf1, sizeof(buf1), &tlv_len);
97 printf("ret=%zd, len=%zd\n", ret, tlv_len);
98 assert(ret == sizeof(buf1));
99 assert(tlv_len == 0x01020304);
Lev Walkin27d70492004-09-29 13:24:33 +0000[diff] [blame]100
Lev Walkin6cbed3d2017-10-07 16:42:41 -0700[diff] [blame]101 /*
102 * Here although tlv_len is not greater than 2^31,
103 * we ought to hit embedded length exploitation preventive checks.
104 */
105 ret = ber_fetch_length(0, buf2, sizeof(buf2), &tlv_len);
106 if(sizeof(tlv_len) <= 4) {
107 assert(ret == -1);
108 } else {
109 printf("ret=%zd, len=%zd\n", ret, tlv_len);
110 assert(ret == sizeof(buf2));
111 assert(tlv_len == 0x7fff0304);
112 }
Lev Walkin27d70492004-09-29 13:24:33 +0000[diff] [blame]113
Lev Walkin6cbed3d2017-10-07 16:42:41 -0700[diff] [blame]114 if(sizeof(tlv_len) <= 4) {
115 ret = ber_fetch_length(0, buf3, sizeof(buf3), &tlv_len);
116 printf("ret=%zd\n", ret);
117 printf("len=0x%08zx\n", tlv_len);
118 assert(ret == -1);
119 }
120 if(sizeof(tlv_len) <= 8) {
121 ret = ber_fetch_length(0, buf4, sizeof(buf4), &tlv_len);
122 printf("ret=%zd\n", ret);
123 assert(ret == -1);
124 }
Lev Walkin27d70492004-09-29 13:24:33 +0000[diff] [blame]125
Lev Walkin6cbed3d2017-10-07 16:42:41 -0700[diff] [blame]126 return 0;
Lev Walkincb90bfc2004-08-19 16:42:54 +0000[diff] [blame]127}