Re: [openssl.org #20] patch for asn1_d2i_read_bio() to detect truncated data

Tue, 03 Dec 2002 06:50:23 -0800 

On Tue, Dec 03, 2002 at 03:10:26PM +0100, Stephen Henson via RT wrote:
> What do you mean "buggy behaviour"? OpenSSL ASN1 code expects a complete
> structure only and should produce an error if it is incomplete, at least at
                     ^^^^^^^^^^^^^^^^^^^^^^^
                     exactly

I mean that OpenSSL not produce any error!
My colleague sent some easy example, that demonstrates this bug.
(example is attached again)
-- 
Zito

#include <stdio.h>
#include <openssl/ssl.h>
#include <openssl/err.h>
#include <openssl/bio.h>
#include <openssl/asn1t.h>
#include <openssl/asn1.h>


typedef struct {                  // ASN1 structure for message
  ASN1_INTEGER *cislo;            // integer number
  ASN1_IA5STRING *str;            // text
} ZPRAVA;


ASN1_SEQUENCE(ZPRAVA) = {
  ASN1_SIMPLE(ZPRAVA, cislo, ASN1_INTEGER),
  ASN1_SIMPLE(ZPRAVA, str, ASN1_IA5STRING)
} ASN1_SEQUENCE_END(ZPRAVA)


IMPLEMENT_ASN1_FUNCTIONS(ZPRAVA)


// macro for BIO reading ZPRAVA
#define  d2i_ZPRAVA_bio(b, zprava)  (ZPRAVA*) ASN1_d2i_bio((char *(*)()) ZPRAVA_new,\
           (char *(*)()) d2i_ZPRAVA, (b), (unsigned char **)(zprava))


ZPRAVA *read_ZPRAVA_bio(BIO *io, ZPRAVA **z)
{
  // there are two posibilities, how to read
  return d2i_ZPRAVA_bio(io, z);
//  return ASN1_item_d2i_bio(ASN1_ITEM_rptr(ZPRAVA), io, z);
}


void write_der_file(ZPRAVA *z, char *fn, int size)
{
  int len;
  unsigned char *dd;
  FILE *f;

  dd = NULL;                          // converting to DER format according
  len = i2d_ZPRAVA(z, &dd);           // the examples from man pages
  if (len < 0)
    exit(1);

  if ((size >= 0) && (size < len))    // if size is positive
    dd[size] = '\0';                  // dd is shortered to size

  f = fopen(fn, "w");
  fputs((char *) dd, f);              // writting to a file
  fclose(f);
}


int main(int argc, char *agv[])
{
  ZPRAVA *z, *z1, *z2;                // ASN1 structures
  BIO *io;                            // BIO object

  SSL_library_init();
  SSL_load_error_strings();

  z = ZPRAVA_new();                   // creating a structure and filling
  ASN1_INTEGER_set(z->cislo, 123);
  ASN1_STRING_set(z->str, "aaaaaaaaaaaaaaaaaaaa", 20);

  write_der_file(z, "test1.der", -1);     // writting structure to a file


  io = BIO_new_file("test1.der", "r");    // opening BIO
  z1 = ZPRAVA_new();
  read_ZPRAVA_bio(io, &z1);               // reading from BIO

  // printing to stdout
  fprintf(stdout, "ASN1\nCislo:  %ld\nText:   %s\n\n",
    ASN1_INTEGER_get(z1->cislo), (char *) ASN1_STRING_data(z1->str));
  BIO_free(io);


  write_der_file(z, "test2.der", 10);     // writting incomplete structure

  ERR_clear_error();                      // clearing an error queue

  io = BIO_new_file("test2.der", "r");    // opening BIO
  z2 = ZPRAVA_new();
  read_ZPRAVA_bio(io, &z2);               // reading from BIO

  ERR_print_errors_fp(stdout);            // writing errors to stderr


  // printing to stdout
  fprintf(stdout, "ASN1\nCislo:  %ld\nText:   %s\n\n",
    ASN1_INTEGER_get(z2->cislo), (char *) ASN1_STRING_data(z2->str));
  BIO_free(io);

  return 0;
}

Reply via email to