Gitiles
Code Review Sign In
gerrit.osmocom.org / asn1c / fb2a30b8c6bcc4affb3d18e2ab7378a5f7c187f2 / . / skeletons / tests / check-length.c
blob: 8c2b64b736cb97e60b2467e26eb7cb7cfeb274d7 [file] [log] [blame]
Lev Walkin4eceeba2007-07-23 06:48:26 +0000[diff] [blame]1#include <stdio.h>
2#include <assert.h>
Lev Walkincb90bfc2004-08-19 16:42:54 +0000[diff] [blame]3
Lev Walkin4eceeba2007-07-23 06:48:26 +0000[diff] [blame]4#include <asn_internal.h>
5#include <ber_decoder.h>
6#include <OCTET_STRING.h>
7#include <ber_tlv_length.h>
8#include <ber_tlv_tag.h>
Lev Walkincb90bfc2004-08-19 16:42:54 +0000[diff] [blame]9
10uint8_t *buf;
11size_t buf_size;
12size_t buf_off;
13
14static int
15write_to_buf(const void *buffer, size_t size, void *key) {
16 (void)key;
17
18 if(buf_off + size > buf_size) {
19 size_t n = buf_size?:16;
20 while(n < buf_off + size) n <<= 2;
21 buf = realloc(buf, n);
22 assert(buf);
23 buf_size = n;
24 }
25
26 memcpy(buf + buf_off, buffer, size);
27
28 buf_off += size;
29 return 0;
30}
31
32
33static void
34check(int size) {
35 OCTET_STRING_t *os;
36 OCTET_STRING_t *nos = 0;
Lev Walkinb1919382006-07-27 11:46:25 +0000[diff] [blame]37 OCTET_STRING_t **nosp = &nos;
Lev Walkina9cc46e2004-09-22 16:06:28 +0000[diff] [blame]38 asn_enc_rval_t erval;
Lev Walkindc06f6b2004-10-20 15:50:55 +0000[diff] [blame]39 asn_dec_rval_t rval;
Lev Walkincb90bfc2004-08-19 16:42:54 +0000[diff] [blame]40 int i;
41
Lev Walkinbbd93252004-10-12 05:57:23 +0000[diff] [blame]42 os = OCTET_STRING_new_fromBuf(&asn_DEF_OCTET_STRING, 0, size);
Lev Walkincb90bfc2004-08-19 16:42:54 +0000[diff] [blame]43 assert(os);
44 assert(os->size == 0);
45
46 os->buf = malloc(size);
47 assert(os->buf);
48 os->size = size;
49
50 for(i = 0; i < size; i++) {
51 os->buf[i] = i;
52 }
53
54 buf_off = 0;
Lev Walkin27d70492004-09-29 13:24:33 +0000[diff] [blame]55 erval = der_encode(&asn_DEF_OCTET_STRING,
Lev Walkincb90bfc2004-08-19 16:42:54 +0000[diff] [blame]56 os, write_to_buf, 0);
57 assert(erval.encoded == buf_off);
58 assert(buf_off > size);
59
Lev Walkinb1919382006-07-27 11:46:25 +0000[diff] [blame]60 rval = ber_decode(0, &asn_DEF_OCTET_STRING, (void **)nosp, buf, buf_off);
Lev Walkincb90bfc2004-08-19 16:42:54 +0000[diff] [blame]61 assert(rval.code == RC_OK);
62 assert(rval.consumed == buf_off);
63
64 assert(os->size == nos->size);
65
66 for(i = 0; i < size; i++) {
67 assert(os->buf[i] == nos->buf[i]);
68 }
69
70 if(0) {
Lev Walkinbbd93252004-10-12 05:57:23 +0000[diff] [blame]71 fprintf(stderr, "new(%d):", size);
Lev Walkincb90bfc2004-08-19 16:42:54 +0000[diff] [blame]72 for(i = 0; i < (buf_off<10?buf_off:10); i++)
Lev Walkinbbd93252004-10-12 05:57:23 +0000[diff] [blame]73 fprintf(stderr, " %02x", buf[i]);
Lev Walkincb90bfc2004-08-19 16:42:54 +0000[diff] [blame]74 printf("\n");
75 }
76
77
Lev Walkin27d70492004-09-29 13:24:33 +0000[diff] [blame]78 asn_DEF_OCTET_STRING.free_struct(&asn_DEF_OCTET_STRING, os, 0);
79 asn_DEF_OCTET_STRING.free_struct(&asn_DEF_OCTET_STRING, nos, 0);
Lev Walkincb90bfc2004-08-19 16:42:54 +0000[diff] [blame]80}
81
82int
83main() {
Lev Walkin27d70492004-09-29 13:24:33 +0000[diff] [blame]84 uint8_t buf1[] = { 0x85, 0x00, 0x01, 0x02, 0x03, 0x04 };
85 uint8_t buf2[] = { 0x85, 0x00, 0x7f, 0xff, 0x03, 0x04 };
86 uint8_t buf3[] = { 0x85, 0x00, 0x7f, 0xff, 0xff, 0x04 };
Lev Walkin33700162004-10-26 09:03:31 +0000[diff] [blame]87 uint8_t buf4[] = { 0x89, 0x00, 0x7f, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x04 };
Lev Walkin27d70492004-09-29 13:24:33 +0000[diff] [blame]88 ber_tlv_len_t tlv_len;
89 ssize_t ret;
Lev Walkincb90bfc2004-08-19 16:42:54 +0000[diff] [blame]90 int i;
91
92 for(i = 0; i < 66000; i++) {
Lev Walkinbbd93252004-10-12 05:57:23 +0000[diff] [blame]93 if(i == 4500) i = 64000; /* Jump */
Lev Walkincb90bfc2004-08-19 16:42:54 +0000[diff] [blame]94 check(i);
95 }
96
Lev Walkin27d70492004-09-29 13:24:33 +0000[diff] [blame]97 ret = ber_fetch_length(0, buf1, sizeof(buf1), &tlv_len);
Lev Walkin6c452312004-10-26 08:02:01 +0000[diff] [blame]98 printf("ret=%ld, len=%ld\n", (long)ret, (long)tlv_len);
Lev Walkin27d70492004-09-29 13:24:33 +0000[diff] [blame]99 assert(ret == sizeof(buf1));
Lev Walkin8db9fab2006-07-13 09:22:34 +0000[diff] [blame]100 assert(tlv_len == 0x01020304);
Lev Walkin27d70492004-09-29 13:24:33 +0000[diff] [blame]101
102 ret = ber_fetch_length(0, buf2, sizeof(buf2), &tlv_len);
Lev Walkin6c452312004-10-26 08:02:01 +0000[diff] [blame]103 printf("ret=%ld, len=%ld\n", (long)ret, (long)tlv_len);
Lev Walkin27d70492004-09-29 13:24:33 +0000[diff] [blame]104 assert(ret == sizeof(buf2));
Lev Walkin8db9fab2006-07-13 09:22:34 +0000[diff] [blame]105 assert(tlv_len == 0x7fff0304);
Lev Walkin27d70492004-09-29 13:24:33 +0000[diff] [blame]106
Lev Walkin8db9fab2006-07-13 09:22:34 +0000[diff] [blame]107 /*
108 * Here although tlv_len is not greater than 2^31,
109 * we ought to hit an embedded length exploitation preventive check.
110 */
Lev Walkin97c5cfc2006-07-13 12:01:26 +0000[diff] [blame]111 printf("sizeof(tlv_len) = %d\n", (int)sizeof(tlv_len));
Lev Walkin8db9fab2006-07-13 09:22:34 +0000[diff] [blame]112 if(sizeof(tlv_len) <= 4) {
Lev Walkin33700162004-10-26 09:03:31 +0000[diff] [blame]113 ret = ber_fetch_length(0, buf3, sizeof(buf3), &tlv_len);
114 printf("ret=%ld\n", (long)ret);
Lev Walkinfa8b09d2006-07-27 12:07:34 +0000[diff] [blame]115 printf("len=0x%x\n", (unsigned int)tlv_len);
Lev Walkin33700162004-10-26 09:03:31 +0000[diff] [blame]116 assert(ret == -1);
Lev Walkin8db9fab2006-07-13 09:22:34 +0000[diff] [blame]117 }
118 if(sizeof(tlv_len) <= 8) {
Lev Walkin33700162004-10-26 09:03:31 +0000[diff] [blame]119 ret = ber_fetch_length(0, buf4, sizeof(buf4), &tlv_len);
Lev Walkin8db9fab2006-07-13 09:22:34 +0000[diff] [blame]120 printf("ret=%lld\n", (long long)ret);
Lev Walkin33700162004-10-26 09:03:31 +0000[diff] [blame]121 assert(ret == -1);
122 }
Lev Walkin27d70492004-09-29 13:24:33 +0000[diff] [blame]123
Lev Walkincb90bfc2004-08-19 16:42:54 +0000[diff] [blame]124 return 0;
125}