neels has uploaded this change for review. ( https://gerrit.osmocom.org/c/libasn1c/+/37986?usp=email )


Change subject: coverity CID#27223
......................................................................

coverity CID#27223

Make sure that bits_unused cannot subtract more bits than present in
st->size.

Especially when st->size == 0, this ensures that sizeinunits is also 0,
and that a st->size == 0 hence never enters the while (sizeinunits)
loop.

Change-Id: Ib4d4d08dde9dc01403a62493ab6ae8b853b8a1ec
---
M src/OCTET_STRING.c
1 file changed, 9 insertions(+), 2 deletions(-)



  git pull ssh://gerrit.osmocom.org:29418/libasn1c refs/changes/86/37986/1

diff --git a/src/OCTET_STRING.c b/src/OCTET_STRING.c
index 959c32e..d8f0f69 100644
--- a/src/OCTET_STRING.c
+++ b/src/OCTET_STRING.c
@@ -1699,6 +1699,7 @@
        unsigned int unit_bits;
        unsigned int canonical_unit_bits;
        unsigned int sizeinunits;
+       unsigned int unused;
        const uint8_t *buf;
        int ret;
        enum {
@@ -1728,7 +1729,11 @@
        case ASN_OSUBV_BIT:
                canonical_unit_bits = unit_bits = 1;
                bpc = OS__BPC_BIT;
-               sizeinunits = st->size * 8 - (st->bits_unused & 0x07);
+               sizeinunits = st->size * 8;
+               /* make sure sizeinunits cannot wrap past zero (especially when 
st->size == 0). */
+               unused = st->bits_unused & 0x07;
+               if (unused <= sizeinunits)
+                       sizeinunits -= unused;
                ASN_DEBUG("BIT STRING of %d bytes, %d bits unused",
                                sizeinunits, st->bits_unused);
                break;
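
Review bot: in the ASN_OSUBV_BIT case, the new `if (unused <= sizeinunits)` silently skips the subtraction when the check fails, so an inconsistent input is encoded without any error. Because `unused` is at most 7 after the `& 0x07` mask and `sizeinunits` is a multiple of 8, the check can only fail when `sizeinunits` is 0, that is, an empty string carrying a nonzero bits_unused. Consider failing the encode in that case, or extend the comment to state that a nonzero bits_unused on an empty BIT STRING is deliberately ignored. Separately, the ASN_DEBUG call right after prints `sizeinunits`, which is an unsigned bit count, under the label "%d bytes"; the format specifier and the wording should match the value.
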
@@ -1827,8 +1832,10 @@
                        ret = OCTET_STRING_per_put_characters(po, buf,
                                maySave, bpc, unit_bits,
                                cval->lower_bound, cval->upper_bound, pc);
-               } else {
+               } else if (buf) {
                        ret = per_put_many_bits(po, buf, maySave * unit_bits);
+               } else {
+                       _ASN_ENCODE_FAILED;
                }
                if(ret) _ASN_ENCODE_FAILED;
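
Review bot: the new `else if (buf)` guard protects only the per_put_many_bits() call, while the OCTET_STRING_per_put_characters() branch directly above still receives `buf` unchecked. If `buf` can be NULL at this point, test it once before the if/else so both branches are covered. The commit message describes only the bits_unused change, so it should also mention this NULL check and say which condition it guards against.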


--
To view, visit https://gerrit.osmocom.org/c/libasn1c/+/37986?usp=email

Gerrit-MessageType: newchange
Gerrit-Project: libasn1c
Gerrit-Branch: master
Gerrit-Change-Id: Ib4d4d08dde9dc01403a62493ab6ae8b853b8a1ec
Gerrit-Change-Number: 37986
Gerrit-PatchSet: 1
Gerrit-Owner: neels <[email protected]>