From 68071016f32887c1d9855032457dcedd81b55adf Mon Sep 17 00:00:00 2001
From: Tom Yu
Date: Tue, 18 Sep 2007 03:38:46 +0000
Subject: [PATCH] pull up r19935 from trunk r19935@cathode-dark-space: tlyu | 2007-09-13 19:51:32 -0400 ticket: 5704 tags: pullup In the pkinit decoders, set up things properly so that asn1buf_sync() behaves correctly and isn't acting on uninitialized variables. ticket: 5704 version_fixed: 1.6.3 git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@19947 dc483132-0cff-0310-8789-dd5450dbe970
---
 src/lib/krb5/asn.1/asn1_k_decode.c | 25 ++++++++++++++++++++++---
 1 file changed, 22 insertions(+), 3 deletions(-)
diff --git a/src/lib/krb5/asn.1/asn1_k_decode.c b/src/lib/krb5/asn.1/asn1_k_decode.c
index f0aca49eb..4b581e35e 100644
--- a/src/lib/krb5/asn.1/asn1_k_decode.c
+++ b/src/lib/krb5/asn.1/asn1_k_decode.c
@@ -207,8 +207,6 @@
 asn1buf subbuf; \
 int seqindef; \
 int indef; \
- unused_var(taglen); \
- unused_var(construction); \
 retval = asn1_get_sequence(buf, &length, &seqindef); \
 if (retval) return retval; \
 retval = asn1buf_imbed(&subbuf, buf, length, seqindef); \
@@ -1327,6 +1325,22 @@ asn1_error_code asn1_decode_algorithm_identifier(asn1buf *buf, krb5_algorithm_i
 setup(); { begin_structure_no_tag();
+ /*
+ * Forbid indefinite encoding because we don't read enough tag
+ * information from the trailing octets ("ANY DEFINED BY") to
+ * synchronize EOC tags, etc.
+ */
+ if (seqindef) return ASN1_BAD_FORMAT;
+ /*
+ * Set up tag variables because we don't actually call anything
+ * that fetches tag info for us; it's all buried in the decoder
+ * primitives.
+ */
+ tagnum = ASN1_TAGNUM_CEILING;
+ asn1class = UNIVERSAL;
+ construction = PRIMITIVE;
+ taglen = 0;
+ indef = 0;
 retval = asn1_decode_oid(&subbuf, &val->algorithm.length, &val->algorithm.data); if(retval) return retval;
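Review bot: The five assignments added after `begin_structure_no_tag()` (`tagnum` through `indef`) hard-code the state that the closing macro will later read, but the comment names neither the consumer nor the reason `ASN1_TAGNUM_CEILING` is the right value, so a later change to the macros could quietly bring back the uninitialized read the commit message describes. I would extend the comment along the lines of `/* read by end_structure()/asn1buf_sync(); values mirror an exhausted buffer */`, adjusted to whatever the macro really consumes, since its definition is not in this hunk. The first hunk also drops `unused_var(taglen)` and `unused_var(construction)` from the shared `begin_structure_no_tag` macro, so any other user of that macro outside this diff deserves the same check for tag variables that are never set before the structure is closed. The function body starts before and continues past the hunk.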
@@ -1374,7 +1388,12 @@ asn1_error_code asn1_decode_subject_pk_info(asn1buf *buf, krb5_subject_pk_info *
 retval = asn1buf_remove_octetstring(&subbuf, taglen, &val->subjectPublicKey.data); if(retval) return retval;
- val->subjectPublicKey.length = taglen;
+ val->subjectPublicKey.length = taglen;
+ /*
+ * We didn't call any macro that does next_tag(); do so now to
+ * preload tag of any trailing encodings.
+ */
+ next_tag();
 end_structure(); } cleanup();
--
2.26.2
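Review bot: If the added `next_tag()` fails, the buffer that `asn1buf_remove_octetstring()` has just stored in `val->subjectPublicKey.data` looks like it is left allocated, assuming `next_tag()` returns on error the way the `begin_structure_no_tag` lines in the first hunk do (`if (retval) return retval;`); its definition is not in this diff. Because this decoder handles PKINIT data received from the peer, a malformed trailing tag would then leak memory on each such request unless the caller frees `val` on failure, so either confirm the caller's error path or free and NULL the field before returning. A short comment such as `/* keep above next_tag(): it may reload taglen */` on the `length = taglen` line would also guard against reordering, if `next_tag()` does overwrite `taglen`. The function body starts and ends outside the hunk.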