/* tasn_dec.c */
-/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project 2000.
*/
/* ====================================================================
static int asn1_find_end(const unsigned char **in, long len, char inf);
static int asn1_collect(BUF_MEM *buf, const unsigned char **in, long len,
- char inf, int tag, int aclass);
+ char inf, int tag, int aclass, int depth);
static int collect_data(BUF_MEM *buf, const unsigned char **p, long plen);
int tag, int aclass, char opt, ASN1_TLC *ctx);
/* Table to convert tags to bit values, used for MSTRING type */
-static unsigned long tag2bit[32] = {
+static const unsigned long tag2bit[32] = {
0, 0, 0, B_ASN1_BIT_STRING, /* tags 0 - 3 */
B_ASN1_OCTET_STRING, 0, 0, B_ASN1_UNKNOWN,/* tags 4- 7 */
B_ASN1_UNKNOWN, B_ASN1_UNKNOWN, B_ASN1_UNKNOWN, B_ASN1_UNKNOWN,/* tags 8-11 */
/* Macro to initialize and invalidate the cache */
#define asn1_tlc_clear(c) if (c) (c)->valid = 0
+/* Version to avoid compiler warning about 'c' always non-NULL */
+#define asn1_tlc_clear_nc(c) (c)->valid = 0
/* Decode an ASN1 item, this currently behaves just
* like a standard 'd2i' function. 'in' points to
ASN1_VALUE *ptmpval = NULL;
if (!pval)
pval = &ptmpval;
- asn1_tlc_clear(&c);
+ asn1_tlc_clear_nc(&c);
if (ASN1_item_ex_d2i(pval, in, len, it, -1, 0, 0, &c) > 0)
return *pval;
return NULL;
const unsigned char **in, long len, const ASN1_TEMPLATE *tt)
{
ASN1_TLC c;
- asn1_tlc_clear(&c);
+ asn1_tlc_clear_nc(&c);
return asn1_template_ex_d2i(pval, in, len, tt, 0, &c);
}
int i;
int otag;
int ret = 0;
- ASN1_VALUE *pchval, **pchptr, *ptmpval;
+ ASN1_VALUE **pchptr, *ptmpval;
if (!pval)
return 0;
if (aux && aux->asn1_cb)
goto err;
}
/* CHOICE type, try each possibility in turn */
- pchval = NULL;
p = *in;
for (i = 0, tt=it->templates; i < it->tcount; i++, tt++)
{
err:
ASN1_template_free(val, tt);
- *val = NULL;
return 0;
}
else
{
/* We've got a valid STACK: free up any items present */
- STACK *sktmp = (STACK *)*val;
+ STACK_OF(ASN1_VALUE) *sktmp
+ = (STACK_OF(ASN1_VALUE) *)*val;
ASN1_VALUE *vtmp;
- while(sk_num(sktmp) > 0)
+ while(sk_ASN1_VALUE_num(sktmp) > 0)
{
- vtmp = (ASN1_VALUE *)sk_pop(sktmp);
+ vtmp = sk_ASN1_VALUE_pop(sktmp);
ASN1_item_ex_free(&vtmp,
ASN1_ITEM_ptr(tt->item));
}
goto err;
}
len -= p - q;
- if (!sk_push((STACK *)*val, (char *)skfield))
+ if (!sk_ASN1_VALUE_push((STACK_OF(ASN1_VALUE) *)*val,
+ skfield))
{
ASN1err(ASN1_F_ASN1_TEMPLATE_NOEXP_D2I,
ERR_R_MALLOC_FAILURE);
err:
ASN1_template_free(val, tt);
- *val = NULL;
return 0;
}
* internally irrespective of the type. So instead just check
* for UNIVERSAL class and ignore the tag.
*/
- if (!asn1_collect(&buf, &p, plen, inf, -1, V_ASN1_UNIVERSAL))
+ if (!asn1_collect(&buf, &p, plen, inf, -1, V_ASN1_UNIVERSAL, 0))
{
free_cont = 1;
goto err;
if (utype != typ->type)
ASN1_TYPE_set(typ, utype, NULL);
opval = pval;
- pval = (ASN1_VALUE **)&typ->value.ptr;
+ pval = &typ->value.asn1_value;
}
switch(utype)
{
case V_ASN1_SET:
case V_ASN1_SEQUENCE:
default:
+ if (utype == V_ASN1_BMPSTRING && (len & 1))
+ {
+ ASN1err(ASN1_F_ASN1_EX_C2I,
+ ASN1_R_BMPSTRING_IS_WRONG_LENGTH);
+ goto err;
+ }
+ if (utype == V_ASN1_UNIVERSALSTRING && (len & 3))
+ {
+ ASN1err(ASN1_F_ASN1_EX_C2I,
+ ASN1_R_UNIVERSALSTRING_IS_WRONG_LENGTH);
+ goto err;
+ }
/* All based on ASN1_STRING and handled the same */
if (!*pval)
{
* if it is indefinite length.
*/
+#ifndef ASN1_MAX_STRING_NEST
+/* This determines how many levels of recursion are permitted in ASN1
+ * string types. If it is not limited stack overflows can occur. If set
+ * to zero no recursion is allowed at all. Although zero should be adequate
+ * examples exist that require a value of 1. So 5 should be more than enough.
+ */
+#define ASN1_MAX_STRING_NEST 5
+#endif
+
+
static int asn1_collect(BUF_MEM *buf, const unsigned char **in, long len,
- char inf, int tag, int aclass)
+ char inf, int tag, int aclass, int depth)
{
const unsigned char *p, *q;
long plen;
/* If indefinite length constructed update max length */
if (cst)
{
-#ifdef OPENSSL_ALLOW_NESTED_ASN1_STRINGS
- if (!asn1_collect(buf, &p, plen, ininf, tag, aclass))
+ if (depth >= ASN1_MAX_STRING_NEST)
+ {
+ ASN1err(ASN1_F_ASN1_COLLECT,
+ ASN1_R_NESTED_ASN1_STRING);
+ return 0;
+ }
+ if (!asn1_collect(buf, &p, plen, ininf, tag, aclass,
+ depth + 1))
return 0;
-#else
- ASN1err(ASN1_F_ASN1_COLLECT, ASN1_R_NESTED_ASN1_STRING);
- return 0;
-#endif
}
else if (plen && !collect_data(buf, &p, plen))
return 0;