pull up r19935 from trunk
authorTom Yu <tlyu@mit.edu>
Tue, 18 Sep 2007 03:38:46 +0000 (03:38 +0000)
committerTom Yu <tlyu@mit.edu>
Tue, 18 Sep 2007 03:38:46 +0000 (03:38 +0000)
 r19935@cathode-dark-space:  tlyu | 2007-09-13 19:51:32 -0400
 ticket: 5704
 tags: pullup

 In the pkinit decoders, set up things properly so that asn1buf_sync()
 behaves correctly and isn't acting on uninitialized variables.

ticket: 5704
version_fixed: 1.6.3

git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@19947 dc483132-0cff-0310-8789-dd5450dbe970

src/lib/krb5/asn.1/asn1_k_decode.c

index f0aca49ebb901b725e776f38dad35bf71aea3b8f..4b581e35e528883e87ebcdb63913b85adbd71468 100644 (file)
   asn1buf subbuf;                                              \
   int seqindef;                                                        \
   int indef;                                                   \
-  unused_var(taglen);                                          \
-  unused_var(construction);                                    \
   retval = asn1_get_sequence(buf, &length, &seqindef);         \
   if (retval) return retval;                                   \
   retval = asn1buf_imbed(&subbuf, buf, length, seqindef);      \
@@ -1327,6 +1325,22 @@ asn1_error_code asn1_decode_algorithm_identifier(asn1buf *buf,  krb5_algorithm_i
 
   setup();
   { begin_structure_no_tag();
+    /*
+     * Forbid indefinite encoding because we don't read enough tag
+     * information from the trailing octets ("ANY DEFINED BY") to
+     * synchronize EOC tags, etc.
+     */
+    if (seqindef) return ASN1_BAD_FORMAT;
+    /*
+     * Set up tag variables because we don't actually call anything
+     * that fetches tag info for us; it's all buried in the decoder
+     * primitives.
+     */
+    tagnum = ASN1_TAGNUM_CEILING;
+    asn1class = UNIVERSAL;
+    construction = PRIMITIVE;
+    taglen = 0;
+    indef = 0;
     retval = asn1_decode_oid(&subbuf, &val->algorithm.length, 
                             &val->algorithm.data);
     if(retval) return retval;
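Review bot: The five assignments after the `seqindef` check hard-code a tag state, and the comment does not say which state they imitate or who reads it afterwards. Going by the commit message, the consumer is `asn1buf_sync()`, and the values look like the "no further tag" condition, though the macro definitions are outside this hunk. I would say so in the comment, e.g. `/* Mimic the end-of-buffer tag state so asn1buf_sync() reads defined values. */`, so that a later change to the tag-fetching macros is matched here. The new `if (seqindef) return ASN1_BAD_FORMAT;` rejection path also deserves a decoder test that feeds an indefinite-length AlgorithmIdentifier and expects that error. The function body continues past the end of the hunk.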
@@ -1374,7 +1388,12 @@ asn1_error_code asn1_decode_subject_pk_info(asn1buf *buf, krb5_subject_pk_info *
       retval = asn1buf_remove_octetstring(&subbuf, taglen, 
                                          &val->subjectPublicKey.data);
       if(retval) return retval;
-      val->subjectPublicKey.length = taglen;      
+      val->subjectPublicKey.length = taglen;
+      /*
+       * We didn't call any macro that does next_tag(); do so now to
+       * preload tag of any trailing encodings.
+       */
+      next_tag();
       end_structure();
     }
     cleanup();
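Review bot: The added `next_tag()` runs after `asn1buf_remove_octetstring()` has already stored a buffer in `val->subjectPublicKey.data`. If the macro returns on a decode error, that buffer stays behind in a partly filled `val`; the macro's definition is not in this hunk, but the neighbouring steps all use `if(retval) return retval;`. Confirm that every caller frees `val` on failure, or release the data before returning. The `length = taglen` assignment also has to stay above `next_tag()`, which presumably overwrites `taglen`, so a one-line comment such as `/* save taglen first: next_tag() replaces it */` would protect the ordering. The function starts outside the hunk.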