From: Theodore Tso <tytso@mit.edu>
Date: Thu, 13 Apr 1995 16:35:42 +0000 (+0000)
Subject: asn1_k_decode.c (setup, next_tag, apptag, get_field_body,
X-Git-Tag: krb5-1.0-beta5~383
X-Git-Url: http://git.tremily.us/?a=commitdiff_plain;h=73bd684de42505fe4e6a15803ddf074c57db671c;p=krb5.git

asn1_k_decode.c (setup, next_tag, apptag, get_field_body,
	get_lenfield_body, asn1_decode_ticket): Use the taglength to
	determine whether or not the indefinite encoding was used, and
	if so skip over the termination flag bytes in the ASN.1
	stream.

asn1buf.c (asn1buf_imbed, asn1buf_remains): Make changes to allow for
	indefinite encodings.  asn1buf_remains() is now only used for
	decoding structures and arrays (i.e., asn.1 constructs which
	terminate indefinite encodings with two zero octets.

	[ Note these fixes to support indefinite encoding aren't
	terribly clean; some invalid encodings may be accepted when they
	should not be.  This should be looked at in more detail later.]

asn1_get.c (asn1_get_tag): Inline original asn1buf_remains() code,
	since asn1_get_tag doesn't use asn1buf_remains in the context of
	a structure or an array.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@5353 dc483132-0cff-0310-8789-dd5450dbe970
---

diff --git a/src/lib/krb5/asn.1/ChangeLog b/src/lib/krb5/asn.1/ChangeLog
index 6bcf12ddb..8daaad5fc 100644
--- a/src/lib/krb5/asn.1/ChangeLog
+++ b/src/lib/krb5/asn.1/ChangeLog
@@ -1,3 +1,26 @@
+Wed Mar 22 09:39:55 1995    <tytso@rsx-11.mit.edu>
+
+	* asn1_k_decode.c (setup, next_tag, apptag, get_field_body,
+		get_lenfield_body, asn1_decode_ticket): Use the
+		taglength to determine whether or not the indefinite
+		encoding was used, and if so skip over the termination
+		flag bytes in the ASN.1 stream.
+
+	* asn1buf.c (asn1buf_imbed, asn1buf_remains): Make changes to
+		allow for indefinite encodings.  asn1buf_remains() is now
+		only used for decoding structures and arrays (i.e., asn.1
+		constructs which terminate indefinite encodings with two
+		zero octets.
+
+		[ Note these fixes to support indefinite encoding
+		aren't terribly clean; some invalid encodings may
+		be accepted when they should not be.  This should be
+		looked at in more detail later.]
+
+	* asn1_get.c (asn1_get_tag): Inline original asn1buf_remains()
+		code, since asn1_get_tag doesn't use asn1buf_remains in
+		the context of a structure or an array.
+
 Sat Mar 25 14:12:31 1995  Tom Yu  (tlyu@dragons-lair)
 
 	* asn1_decode.c: move declaration of gmt_mktime() outside of
diff --git a/src/lib/krb5/asn.1/asn1_get.c b/src/lib/krb5/asn.1/asn1_get.c
index 730d679e0..3a7e33d75 100644
--- a/src/lib/krb5/asn.1/asn1_get.c
+++ b/src/lib/krb5/asn.1/asn1_get.c
@@ -32,9 +32,10 @@ asn1_error_code INTERFACE asn1_get_tag(buf, class, construction, tagnum, retlen)
 {
   asn1_error_code retval;
   
-  if(asn1buf_remains(buf) <= 0){
-    *tagnum = ASN1_TAGNUM_CEILING;
-    return 0;
+  if (buf == NULL || buf->base == NULL ||
+      buf->bound - buf->next + 1 <= 0) {
+      *tagnum = ASN1_TAGNUM_CEILING;
+      return 0;
   }
   retval = asn1_get_id(buf,class,construction,tagnum);
   if(retval) return retval;
diff --git a/src/lib/krb5/asn.1/asn1_k_decode.c b/src/lib/krb5/asn.1/asn1_k_decode.c
index 240489891..0d2566e2d 100644
--- a/src/lib/krb5/asn.1/asn1_k_decode.c
+++ b/src/lib/krb5/asn.1/asn1_k_decode.c
@@ -31,10 +31,10 @@ asn1_error_code retval;\
 asn1_class class;\
 asn1_construction construction;\
 asn1_tagnum tagnum;\
-int length
+int length,taglen,applen
 
 #define next_tag()\
-retval = asn1_get_tag(&subbuf,&class,&construction,&tagnum,NULL);\
+retval = asn1_get_tag(&subbuf,&class,&construction,&tagnum,&taglen);\
 if(retval) return retval;\
 if(class != CONTEXT_SPECIFIC || construction != CONSTRUCTED)\
   return ASN1_BAD_ID
@@ -45,7 +45,7 @@ if((var) == NULL) return ENOMEM
 
 
 #define apptag(tagexpect)\
-retval = asn1_get_tag(buf,&class,&construction,&tagnum,NULL);\
+retval = asn1_get_tag(buf,&class,&construction,&tagnum,&applen);\
 if(retval) return retval;\
 if(class != APPLICATION || construction != CONSTRUCTED ||\
    tagnum != (tagexpect)) return ASN1_BAD_ID
@@ -54,6 +54,7 @@ if(class != APPLICATION || construction != CONSTRUCTED ||\
 #define get_field_body(var,decoder)\
 retval = decoder(&subbuf,&(var));\
 if(retval) return retval;\
+if(!taglen) next_tag();\
 next_tag()
 
 #define get_field(var,tagexpect,decoder)\
@@ -70,6 +71,7 @@ else var = optvalue
 #define get_lenfield_body(len,var,decoder)\
 retval = decoder(&subbuf,&(len),&(var));\
 if(retval) return retval;\
+if(!taglen) next_tag();\
 next_tag()
 
 #define get_lenfield(len,var,tagexpect,decoder)\
@@ -361,6 +363,10 @@ asn1_error_code INTERFACE asn1_decode_ticket(buf, val)
     end_structure();
     val->magic = KV5M_TICKET;
   }
+  if(!applen) {
+    retval = asn1_get_tag(buf,&class,&construction,&tagnum,NULL);
+    if (retval) return retval;
+  }
   cleanup();
 }
 
diff --git a/src/lib/krb5/asn.1/asn1buf.c b/src/lib/krb5/asn.1/asn1buf.c
index 98aa65f85..e04b0928d 100644
--- a/src/lib/krb5/asn.1/asn1buf.c
+++ b/src/lib/krb5/asn.1/asn1buf.c
@@ -78,8 +78,12 @@ asn1_error_code INTERFACE asn1buf_imbed(subbuf, buf, length)
      const int length;
 {
   subbuf->base = subbuf->next = buf->next;
-  subbuf->bound = subbuf->base + length - 1;
-  if(subbuf->bound > buf->bound) return ASN1_OVERRUN;
+  if (length > 0 ) {
+      subbuf->bound = subbuf->base + length - 1;
+      if (subbuf->bound > buf->bound)
+	  return ASN1_OVERRUN;
+  } else /* constructed indefinite */
+      subbuf->bound = buf->bound;
   return 0;
 }
 
@@ -194,13 +198,28 @@ asn1_error_code INTERFACE asn1buf_remove_charstring(buf, len, s)
   return 0;
 }
 
-int INTERFACE asn1buf_remains(buf)
-     const asn1buf * buf;
+int asn1buf_remains(buf)
+    asn1buf *buf;
 {
+  int remain;
   if(buf == NULL || buf->base == NULL) return 0;
-  else return buf->bound - buf->next + 1;
+  remain = buf->bound - buf->next +1;
+  if (remain <= 0) return remain;
+  /*
+   * Two 0 octets means the end of an indefinite encoding.
+   * 
+   * XXX  Do we need to test to make sure we'er actually doing an
+   * indefinite encoding here?
+   */
+  if ( !*(buf->next) && !*(buf->next + 1)) {
+   /* buf->bound = buf->next + 1;  */
+      buf->next += 2;
+      return 0;
+  }
+  else return remain;
 }
 
+
 asn1_error_code INTERFACE asn12krb5_buf(buf, code)
      const asn1buf * buf;
      krb5_data ** code;
diff --git a/src/lib/krb5/asn.1/asn1buf.h b/src/lib/krb5/asn.1/asn1buf.h
index 067bbf609..0d18f3b7c 100644
--- a/src/lib/krb5/asn.1/asn1buf.h
+++ b/src/lib/krb5/asn.1/asn1buf.h
@@ -143,8 +143,10 @@ asn1_error_code INTERFACE asn12krb5_buf
 
 
 int INTERFACE asn1buf_remains
-	PROTOTYPE((const asn1buf *buf));
-/* effects   Returns the number of unprocessed octets remaining in *buf. */
+	PROTOTYPE((asn1buf *buf));
+/* requires  *buf is a buffer containing an asn.1 structure or array
+   modifies  *buf
+   effects   Returns the number of unprocessed octets remaining in *buf. */
 
 /**************** Private Procedures ****************/