This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "GNU libtasn1".
http://git.savannah.gnu.org/cgit/libtasn1.git/commit/?id=c14455b2d72e248190e8f13810e0aa25a36166af The branch, master has been updated via c14455b2d72e248190e8f13810e0aa25a36166af (commit) via d3fd77835c069f1dacce0bb665af5db4155f125c (commit) via 01858b543efd4eb15a7fff2ca5841a387177108b (commit) from 1bce4ce6dffa81532e065e60a6df5b91d037f68e (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit c14455b2d72e248190e8f13810e0aa25a36166af Author: Nikos Mavrogiannopoulos <n...@redhat.com> Date: Fri Jan 13 11:56:51 2017 +0100 _asn1_ltostr: ensure that input value will always be printed That is, use an unsigned type to store the output of the negation (in case the input is negative). This addresses the issue found in PKCS#7 decoding: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=388 Signed-off-by: Nikos Mavrogiannopoulos <n...@redhat.com> commit d3fd77835c069f1dacce0bb665af5db4155f125c Author: Nikos Mavrogiannopoulos <n...@redhat.com> Date: Fri Jan 13 11:33:54 2017 +0100 tests: added invalid PKCS#7 struct checks The added struct causes an integer overflow. commit 01858b543efd4eb15a7fff2ca5841a387177108b Author: Nikos Mavrogiannopoulos <n...@redhat.com> Date: Fri Jan 13 11:36:47 2017 +0100 decoding-invalid-x509: output log on error ----------------------------------------------------------------------- Summary of changes: lib/parser_aux.c | 18 ++++++----- tests/Makefile.am | 6 ++-- tests/coding-long-oid.c | 2 +- tests/decoding-invalid-x509 | 7 +++-- tests/invalid-pkcs7/id-000001.der | Bin 0 -> 5375 bytes tests/pkix.asn | 63 ++++++++++++++++++++----------------- 6 files changed, 56 insertions(+), 40 deletions(-) create mode 100644 tests/invalid-pkcs7/id-000001.der diff --git a/lib/parser_aux.c b/lib/parser_aux.c index cfd76e0..7313eeb 100644 --- a/lib/parser_aux.c +++ b/lib/parser_aux.c @@ -551,29 +551,33 @@ _asn1_delete_list_and_nodes (void) char * _asn1_ltostr (int64_t v, char str[LTOSTR_MAX_SIZE]) { - int64_t d, r; + uint64_t d, r; char temp[LTOSTR_MAX_SIZE]; int count, k, start; + uint64_t val; if (v < 0) { str[0] = '-'; start = 1; - v = -v; + val = -v; } else - start = 0; + { + val = v; + start = 0; + } count = 0; do { - d = v / 10; - r = v - d * 10; + d = val / 10; + r = val - d * 10; temp[start + count] = '0' + (char) r; count++; - v = d; + val = d; } - while (v && ((start+count) < LTOSTR_MAX_SIZE-1)); + while (val && ((start+count) < LTOSTR_MAX_SIZE-1)); for (k = 0; k < count; k++) str[k + start] = temp[start + count - k - 1]; diff --git a/tests/Makefile.am b/tests/Makefile.am index 0d8fcb1..537acaf 100644 --- a/tests/Makefile.am +++ b/tests/Makefile.am @@ -43,11 +43,13 @@ EXTRA_DIST = Test_parser.asn Test_tree.asn Test_tree_asn1_tab.c \ invalid-x509/id-000028.der invalid-x509/id-000029.der \ invalid-x509/id-000030.der invalid-x509/id-000031.der \ invalid-x509/id-000032.der invalid-x509/id-000033.der \ - invalid-x509/id-000034.der invalid-x509/id-000035.der + invalid-x509/id-000034.der invalid-x509/id-000035.der \ + invalid-pkcs7/id-000001.der # For crlf. EXTRA_DIST += crlf.cer crl.der ocsp.der -dist_check_SCRIPTS = crlf benchmark threadsafety decoding decoding-invalid-x509 +dist_check_SCRIPTS = crlf benchmark threadsafety decoding decoding-invalid-x509 \ + decoding-invalid-pkcs7 MOSTLYCLEANFILES = Test_parser_ERROR.asn diff --git a/tests/coding-long-oid.c b/tests/coding-long-oid.c index bc2cd56..6031cf2 100644 --- a/tests/coding-long-oid.c +++ b/tests/coding-long-oid.c @@ -159,7 +159,7 @@ main (int argc, char** argv) result = asn1_parser2tree (pkixfile, &definitions, errorDescription); if (result != ASN1_SUCCESS) { - printf ("error in %d\n", __LINE__); + printf ("error in %d: %s\n", __LINE__, errorDescription); exit (1); } diff --git a/tests/decoding-invalid-x509 b/tests/decoding-invalid-x509 index 01d9cb0..904cda7 100755 --- a/tests/decoding-invalid-x509 +++ b/tests/decoding-invalid-x509 @@ -20,7 +20,7 @@ srcdir="${srcdir:-.}" if ! test -z "${VALGRIND}";then VALGRIND="${LIBTOOL:-libtool} --mode=execute ${VALGRIND} --error-exitcode=7 --leak-check=no" fi - +TMPFILE=decoding-invalid.$$.tmp ASN1DECODING="${ASN1DECODING:-../src/asn1Decoding$EXEEXT}" ASN1PKIX="${ASN1PKIX:-pkix.asn}" @@ -28,13 +28,16 @@ ASN1PKIX="${ASN1PKIX:-pkix.asn}" # to certain libtasn1 versions. for i in "${srcdir}/invalid-x509/"*.der;do -$VALGRIND $ASN1DECODING "$ASN1PKIX" "$i" PKIX1.Certificate >/dev/null 2>&1 +$VALGRIND $ASN1DECODING "$ASN1PKIX" "$i" PKIX1.Certificate >$TMPFILE 2>&1 ret=$? if test $ret != 1;then echo "Decoding failed for $i" + cat $TMPFILE exit 1 fi echo "$(basename $i): ok" done +rm -f $TMPFILE + exit 0 diff --git a/tests/invalid-pkcs7/id-000001.der b/tests/invalid-pkcs7/id-000001.der new file mode 100644 index 0000000..6c91a25 Binary files /dev/null and b/tests/invalid-pkcs7/id-000001.der differ diff --git a/tests/pkix.asn b/tests/pkix.asn index f5dc6b9..efdf95e 100644 --- a/tests/pkix.asn +++ b/tests/pkix.asn @@ -934,36 +934,31 @@ ub-x121-address-length INTEGER ::= 16 -- Cryptographic Message Syntax pkcs-7-ContentInfo ::= SEQUENCE { - contentType pkcs-7-ContentType, + contentType OBJECT IDENTIFIER, content [0] EXPLICIT ANY DEFINED BY contentType } pkcs-7-DigestInfo ::= SEQUENCE { - digestAlgorithm pkcs-7-DigestAlgorithmIdentifier, - digest pkcs-7-Digest + digestAlgorithm AlgorithmIdentifier, + digest OCTET STRING } -pkcs-7-Digest ::= OCTET STRING - -pkcs-7-ContentType ::= OBJECT IDENTIFIER - pkcs-7-SignedData ::= SEQUENCE { - version pkcs-7-CMSVersion, + version INTEGER, digestAlgorithms pkcs-7-DigestAlgorithmIdentifiers, encapContentInfo pkcs-7-EncapsulatedContentInfo, certificates [0] IMPLICIT pkcs-7-CertificateSet OPTIONAL, crls [1] IMPLICIT pkcs-7-CertificateRevocationLists OPTIONAL, - signerInfos pkcs-7-SignerInfos + signerInfos pkcs-7-SignerInfos } -pkcs-7-CMSVersion ::= INTEGER { v0(0), v1(1), v2(2), v3(3), v4(4) } +pkcs-7-DigestAlgorithmIdentifiers ::= SET OF AlgorithmIdentifier -pkcs-7-DigestAlgorithmIdentifiers ::= SET OF pkcs-7-DigestAlgorithmIdentifier - -pkcs-7-DigestAlgorithmIdentifier ::= AlgorithmIdentifier +-- rfc5652: eContent [0] EXPLICIT OCTET STRING OPTIONAL +-- rfc2315: content [0] EXPLICIT ANY DEFINED BY contentType OPTIONAL pkcs-7-EncapsulatedContentInfo ::= SEQUENCE { - eContentType pkcs-7-ContentType, - eContent [0] EXPLICIT OCTET STRING OPTIONAL } + eContentType OBJECT IDENTIFIER, + eContent [0] EXPLICIT ANY OPTIONAL } -- We don't use CertificateList here since we only want -- to read the raw data. @@ -978,8 +973,28 @@ pkcs-7-CertificateChoices ::= CHOICE { pkcs-7-CertificateSet ::= SET OF pkcs-7-CertificateChoices -pkcs-7-SignerInfos ::= SET OF ANY -- this is not correct but we don't use it - -- anyway +IssuerAndSerialNumber ::= SEQUENCE { + issuer Name, + serialNumber CertificateSerialNumber +} + +pkcs-7-SignerInfo ::= SEQUENCE { + version INTEGER, + sid SignerIdentifier, + digestAlgorithm AlgorithmIdentifier, + signedAttrs [0] IMPLICIT SignedAttributes OPTIONAL, + signatureAlgorithm AlgorithmIdentifier, + signature OCTET STRING, + unsignedAttrs [1] IMPLICIT SignedAttributes OPTIONAL } + +SignedAttributes ::= SET SIZE (1..MAX) OF Attribute + +SignerIdentifier ::= CHOICE { + issuerAndSerialNumber IssuerAndSerialNumber, + subjectKeyIdentifier [0] SubjectKeyIdentifier +} + +pkcs-7-SignerInfos ::= SET OF pkcs-7-SignerInfo -- BEGIN of RFC2986 @@ -1158,28 +1173,20 @@ pkcs-12-PKCS12Attribute ::= Attribute -- PKCS #7 stuff (needed in PKCS 12) -pkcs-7-data OBJECT IDENTIFIER ::= { iso(1) member-body(2) - us(840) rsadsi(113549) pkcs(1) pkcs7(7) 1 } - -pkcs-7-encryptedData OBJECT IDENTIFIER ::= { iso(1) member-body(2) - us(840) rsadsi(113549) pkcs(1) pkcs7(7) 6 } - pkcs-7-Data ::= OCTET STRING pkcs-7-EncryptedData ::= SEQUENCE { - version pkcs-7-CMSVersion, + version INTEGER, encryptedContentInfo pkcs-7-EncryptedContentInfo, unprotectedAttrs [1] IMPLICIT pkcs-7-UnprotectedAttributes OPTIONAL } pkcs-7-EncryptedContentInfo ::= SEQUENCE { - contentType pkcs-7-ContentType, + contentType OBJECT IDENTIFIER, contentEncryptionAlgorithm pkcs-7-ContentEncryptionAlgorithmIdentifier, - encryptedContent [0] IMPLICIT pkcs-7-EncryptedContent OPTIONAL } + encryptedContent [0] IMPLICIT OCTET STRING OPTIONAL } pkcs-7-ContentEncryptionAlgorithmIdentifier ::= AlgorithmIdentifier -pkcs-7-EncryptedContent ::= OCTET STRING - pkcs-7-UnprotectedAttributes ::= SET SIZE (1..MAX) OF Attribute -- LDAP stuff hooks/post-receive -- GNU libtasn1