Commit 17afb33c authored by Hallvard Furuseth's avatar Hallvard Furuseth
Browse files

ITS#5010: OID encode/decode fixes and paranoia. #define LBER_OID_COMPONENT_MAX.

parent b236aba4
......@@ -49,32 +49,44 @@ static ber_len_t ber_getnint LDAP_P((
int
ber_decode_oid( BerValue *in, BerValue *out )
{
unsigned char *der = (unsigned char *) in->bv_val;
unsigned long val, val1;
int i, len;
const unsigned char *der;
unsigned long val;
unsigned val1;
ber_len_t i;
char *ptr;
assert( in != NULL );
assert( out != NULL );
/* expands by 5/2, and we add dots - call it 3 */
if ( !out->bv_val || out->bv_len < in->bv_len * 3 )
/* need 4 chars/inbyte + \0 for input={7f 7f 7f...} */
if ( !out->bv_val || (out->bv_len+3)/4 <= in->bv_len )
return -1;
val1 = der[0] / 40;
val = der[0] - val1 * 40;
len = sprintf( out->bv_val, "%ld.%ld", val1, val );
ptr = out->bv_val + len;
ptr = NULL;
der = (unsigned char *) in->bv_val;
val = 0;
for ( i=1; i<in->bv_len; i++ ) {
val = val << 7;
for ( i=0; i < in->bv_len; i++ ) {
val |= der[i] & 0x7f;
if ( !( der[i] & 0x80 )) {
ptr += sprintf( ptr, ".%ld", val );
if ( ptr == NULL ) {
/* Initial "x.y": val=x*40+y, x<=2, y<40 if x=2 */
ptr = out->bv_val;
val1 = (val < 80 ? val/40 : 2);
val -= val1*40;
ptr += sprintf( ptr, "%u", val1 );
}
ptr += sprintf( ptr, ".%lu", val );
val = 0;
} else if ( val - 1UL < LBER_OID_COMPONENT_MAX >> 7 ) {
val <<= 7;
} else {
/* val would overflow, or is 0 from invalid initial 0x80 octet */
return -1;
}
}
if ( ptr == NULL || val != 0 )
return -1;
out->bv_len = ptr - out->bv_val;
return 0;
}
......
......@@ -30,6 +30,7 @@
#include "portable.h"
#include <ctype.h>
#include <stdio.h>
#include <ac/stdlib.h>
......@@ -181,59 +182,55 @@ ber_put_len( BerElement *ber, ber_len_t len, int nosos )
int
ber_encode_oid( BerValue *in, BerValue *out )
{
unsigned char *der = (unsigned char *) out->bv_val;
unsigned long val, val1;
int i, len;
unsigned char *der;
unsigned long val1, val;
int i, j, len;
char *ptr, *end, *inend;
assert( in != NULL );
assert( out != NULL );
if ( !out->bv_val || out->bv_len < in->bv_len )
if ( !out->bv_val || out->bv_len < in->bv_len/2 )
return -1;
/* OIDs must have at least two components */
if ( sscanf( in->bv_val, "%ld.%ld", &val, &val1 ) != 2 )
return -1;
val *= 40;
val += val1;
inend = in->bv_val + in->bv_len;
der = (unsigned char *) out->bv_val;
ptr = in->bv_val;
inend = ptr + in->bv_len;
ptr = strchr( in->bv_val, '.' );
ptr = strchr( ptr+1, '.' );
if ( ptr )
++ptr;
else
ptr = inend;
/* OIDs start with <0-1>.<0-39> or 2.<any>, DER-encoded 40*val1+val2 */
if ( !isdigit( (unsigned char) *ptr )) return -1;
val1 = strtoul( ptr, &end, 10 );
if ( end == ptr || val1 > 2 ) return -1;
if ( *end++ != '.' || !isdigit( (unsigned char) *end )) return -1;
val = strtoul( end, &ptr, 10 );
if ( ptr == end ) return -1;
if ( val > (val1 < 2 ? 39 : LBER_OID_COMPONENT_MAX - 80) ) return -1;
val += val1 * 40;
for (;;) {
if ( !val ) {
*der++ = 0;
} else {
int hibit = 0;
i = sizeof(unsigned long) + 1;
len = i;
for (;val;) {
i--;
val1 = val & 0x7f;
val >>= 7;
der[i] = val1 | hibit;
hibit = 0x80;
}
if ( i ) {
len -= i;
AC_MEMCPY( der, der+i, len );
}
der += len;
if ( ptr > inend ) return -1;
len = 0;
do {
der[len++] = (val & 0xff) | 0x80;
} while ( (val >>= 7) != 0 );
der[0] &= 0x7f;
for ( i = 0, j = len; i < --j; i++ ) {
unsigned char tmp = der[i];
der[i] = der[j];
der[j] = tmp;
}
if ( ptr >= inend ) break;
val = strtol( ptr, &end, 10 );
if ( ptr == end ) break;
if ( *end && *end != '.' ) break;
ptr = end + 1;
der += len;
if ( ptr == inend )
break;
if ( *ptr++ != '.' ) return -1;
if ( !isdigit( (unsigned char) *ptr )) return -1;
val = strtoul( ptr, &end, 10 );
if ( end == ptr || val > LBER_OID_COMPONENT_MAX ) return -1;
ptr = end;
}
out->bv_len = (char *)der - out->bv_val;
return 0;
}
......
......@@ -120,6 +120,14 @@ struct seqorset {
};
/*
* decode.c, encode.c
*/
/* Simplest OID max-DER-component to implement in both decode and encode */
#define LBER_OID_COMPONENT_MAX ((unsigned long)-1 - 128)
/*
* io.c
*/
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment