Browse Source

[crypto] Allow for zero-length ASN.1 cursors

The assumption in asn1_type() that an ASN.1 cursor will always contain
a type byte is incorrect.  A cursor that has been cleanly invalidated
via asn1_invalidate_cursor() will contain a type byte, but there are
other ways in which to arrive at a zero-length cursor.

Fix by explicitly checking the cursor length in asn1_type().  This
allows asn1_invalidate_cursor() to be reduced to simply zeroing the
length field.

Signed-off-by: Michael Brown <mcb30@ipxe.org>
tags/v1.20.1
Michael Brown 8 years ago
parent
commit
5a6ed90a00
2 changed files with 14 additions and 14 deletions
  1. 0
    12
      src/crypto/asn1.c
  2. 14
    2
      src/include/ipxe/asn1.h

+ 0
- 12
src/crypto/asn1.c View File

81
 #define EINFO_ENOTTY_ALGORITHM \
81
 #define EINFO_ENOTTY_ALGORITHM \
82
 	__einfo_uniqify ( EINFO_ENOTTY, 0x01, "Inappropriate algorithm" )
82
 	__einfo_uniqify ( EINFO_ENOTTY, 0x01, "Inappropriate algorithm" )
83
 
83
 
84
-/**
85
- * Invalidate ASN.1 object cursor
86
- *
87
- * @v cursor		ASN.1 object cursor
88
- */
89
-void asn1_invalidate_cursor ( struct asn1_cursor *cursor ) {
90
-	static uint8_t asn1_invalid_object[] = { ASN1_END, 0 };
91
-
92
-	cursor->data = asn1_invalid_object;
93
-	cursor->len = 0;
94
-}
95
-
96
 /**
84
 /**
97
  * Start parsing ASN.1 object
85
  * Start parsing ASN.1 object
98
  *
86
  *

+ 14
- 2
src/include/ipxe/asn1.h View File

314
 	unsigned int unused;
314
 	unsigned int unused;
315
 } __attribute__ (( packed ));
315
 } __attribute__ (( packed ));
316
 
316
 
317
+/**
318
+ * Invalidate ASN.1 object cursor
319
+ *
320
+ * @v cursor		ASN.1 object cursor
321
+ */
322
+static inline __attribute__ (( always_inline )) void
323
+asn1_invalidate_cursor ( struct asn1_cursor *cursor ) {
324
+	cursor->len = 0;
325
+}
326
+
317
 /**
327
 /**
318
  * Extract ASN.1 type
328
  * Extract ASN.1 type
319
  *
329
  *
320
  * @v cursor		ASN.1 object cursor
330
  * @v cursor		ASN.1 object cursor
321
- * @ret type		Type
331
+ * @ret type		Type, or ASN1_END if cursor is invalid
322
  */
332
  */
323
 static inline __attribute__ (( always_inline )) unsigned int
333
 static inline __attribute__ (( always_inline )) unsigned int
324
 asn1_type ( const struct asn1_cursor *cursor ) {
334
 asn1_type ( const struct asn1_cursor *cursor ) {
325
-	return ( *( ( const uint8_t * ) cursor->data ) );
335
+	const uint8_t *type = cursor->data;
336
+
337
+	return ( ( cursor->len >= sizeof ( *type ) ) ? *type : ASN1_END );
326
 }
338
 }
327
 
339
 
328
 extern void asn1_invalidate_cursor ( struct asn1_cursor *cursor );
340
 extern void asn1_invalidate_cursor ( struct asn1_cursor *cursor );

Loading…
Cancel
Save