Changeset 988 for vendor/current/lib/util/asn1.c

Timestamp:

Nov 24, 2016, 1:14:11 PM (9 years ago)

Author:

Silvan Scherrer

Message:

Samba Server: update vendor to version 4.4.3

File:

• vendor/current/lib/util/asn1.c (modified) (27 diffs)

vendor/current/lib/util/asn1.c

@@ -18 +18 @@
 */
 
-#include "includes.h"
-#include "../lib/util/asn1.h"
+#include "replace.h"
+#include "system/locale.h"
+#include "lib/util/asn1.h"
+#include "lib/util/debug.h"
+#include "lib/util/samba_util.h"
+
+struct nesting {
+        off_t start;
+        size_t taglen; /* for parsing */
+        struct nesting *next;
+};
+
+
+struct asn1_data {
+        uint8_t *data;
+        size_t length;
+        off_t ofs;
+        struct nesting *nesting;
+        bool has_error;
+};
 
 /* allocate an asn1 structure */
@@ -37 +55 @@
 }
 
+bool asn1_has_error(const struct asn1_data *data)
+{
+        return data->has_error;
+}
+
+void asn1_set_error(struct asn1_data *data)
+{
+        data->has_error = true;
+}
+
+bool asn1_has_nesting(const struct asn1_data *data)
+{
+        return data->nesting != NULL;
+}
+
+off_t asn1_current_ofs(const struct asn1_data *data)
+{
+        return data->ofs;
+}
+
 /* write to the ASN1 buffer, advancing the buffer pointer */
 bool asn1_write(struct asn1_data *data, const void *p, int len)
 {
         if (data->has_error) return false;
+
+        if ((len < 0) || (data->ofs + (size_t)len < data->ofs)) {
+                data->has_error = true;
+                return false;
+        }
+
         if (data->length < data->ofs+len) {
                 uint8_t *newp;
                 newp = talloc_realloc(data, data->data, uint8_t, data->ofs+len);
                 if (!newp) {
-                        asn1_free(data);
                         data->has_error = true;
                         return false;
@@ -68 +111 @@
         struct nesting *nesting;
 
-        asn1_write_uint8(data, tag);
+        if (!asn1_write_uint8(data, tag)) {
+                return false;
+        }
         nesting = talloc(data, struct nesting);
         if (!nesting) {
@@ -86 +131 @@
         struct nesting *nesting;
         size_t len;
+
+        if (data->has_error) {
+                return false;
+        }
 
         nesting = data->nesting;
@@ -186 +235 @@
 bool asn1_write_implicit_Integer(struct asn1_data *data, int i)
 {
+        if (data->has_error) {
+                return false;
+        }
+
         if (i == -1) {
                 /* -1 is special as it consists of all-0xff bytes. In
@@ -232 +285 @@
         p = newp + 1;
 
-        /*the ber representation can't use more space then the string one */
+        /*the ber representation can't use more space than the string one */
         *blob = data_blob_talloc(mem_ctx, NULL, strlen(OID));
         if (!blob->data) return false;
@@ -327 +380 @@
 bool asn1_write_OctetString(struct asn1_data *data, const void *p, size_t length)
 {
-        asn1_push_tag(data, ASN1_OCTET_STRING);
-        asn1_write(data, p, length);
-        asn1_pop_tag(data);
-        return !data->has_error;
+        if (!asn1_push_tag(data, ASN1_OCTET_STRING)) return false;
+        if (!asn1_write(data, p, length)) return false;
+        return asn1_pop_tag(data);
 }
 
@@ -336 +388 @@
 bool asn1_write_LDAPString(struct asn1_data *data, const char *s)
 {
-        asn1_write(data, s, strlen(s));
-        return !data->has_error;
+        return asn1_write(data, s, strlen(s));
 }
 
@@ -343 +394 @@
 bool asn1_write_DATA_BLOB_LDAPString(struct asn1_data *data, const DATA_BLOB *s)
 {
-        asn1_write(data, s->data, s->length);
-        return !data->has_error;
+        return asn1_write(data, s->data, s->length);
 }
 
@@ -350 +400 @@
 bool asn1_write_GeneralString(struct asn1_data *data, const char *s)
 {
-        asn1_push_tag(data, ASN1_GENERAL_STRING);
-        asn1_write_LDAPString(data, s);
-        asn1_pop_tag(data);
-        return !data->has_error;
+        if (!asn1_push_tag(data, ASN1_GENERAL_STRING)) return false;
+        if (!asn1_write_LDAPString(data, s)) return false;
+        return asn1_pop_tag(data);
 }
 
 bool asn1_write_ContextSimple(struct asn1_data *data, uint8_t num, DATA_BLOB *blob)
 {
-        asn1_push_tag(data, ASN1_CONTEXT_SIMPLE(num));
-        asn1_write(data, blob->data, blob->length);
-        asn1_pop_tag(data);
-        return !data->has_error;
+        if (!asn1_push_tag(data, ASN1_CONTEXT_SIMPLE(num))) return false;
+        if (!asn1_write(data, blob->data, blob->length)) return false;
+        return asn1_pop_tag(data);
 }
 
@@ -367 +415 @@
 bool asn1_write_BOOLEAN(struct asn1_data *data, bool v)
 {
-        asn1_push_tag(data, ASN1_BOOLEAN);
-        asn1_write_uint8(data, v ? 0xFF : 0);
-        asn1_pop_tag(data);
-        return !data->has_error;
+        if (!asn1_push_tag(data, ASN1_BOOLEAN)) return false;
+        if (!asn1_write_uint8(data, v ? 0xFF : 0)) return false;
+        return asn1_pop_tag(data);
 }
 
@@ -376 +423 @@
 {
         uint8_t tmp = 0;
-        asn1_start_tag(data, ASN1_BOOLEAN);
-        asn1_read_uint8(data, &tmp);
+        if (!asn1_start_tag(data, ASN1_BOOLEAN)) return false;
+        *v = false;
+        if (!asn1_read_uint8(data, &tmp)) return false;
         if (tmp == 0xFF) {
                 *v = true;
-        } else {
-                *v = false;
-        }
-        asn1_end_tag(data);
-        return !data->has_error;
+        }
+        return asn1_end_tag(data);
 }
 
@@ -390 +435 @@
 bool asn1_write_BOOLEAN_context(struct asn1_data *data, bool v, int context)
 {
-        asn1_push_tag(data, ASN1_CONTEXT_SIMPLE(context));
-        asn1_write_uint8(data, v ? 0xFF : 0);
-        asn1_pop_tag(data);
-        return !data->has_error;
+        if (!asn1_push_tag(data, ASN1_CONTEXT_SIMPLE(context))) return false;
+        if (!asn1_write_uint8(data, v ? 0xFF : 0)) return false;
+        return asn1_pop_tag(data);
 }
 
@@ -399 +443 @@
 {
         uint8_t tmp = 0;
-        asn1_start_tag(data, ASN1_CONTEXT_SIMPLE(context));
-        asn1_read_uint8(data, &tmp);
+        if (!asn1_start_tag(data, ASN1_CONTEXT_SIMPLE(context))) return false;
+        *v = false;
+        if (!asn1_read_uint8(data, &tmp)) return false;
         if (tmp == 0xFF) {
                 *v = true;
-        } else {
-                *v = false;
-        }
-        asn1_end_tag(data);
-        return !data->has_error;
+        }
+        return asn1_end_tag(data);
 }
 
@@ -415 +457 @@
         uint8_t b = 0;
 
-        asn1_read_uint8(data, &b);
+        if (!asn1_read_uint8(data, &b)) return false;
         if (b != ASN1_BOOLEAN) {
                 data->has_error = true;
                 return false;
         }
-        asn1_read_uint8(data, &b);
+        if (!asn1_read_uint8(data, &b)) return false;
         if (b != v) {
                 data->has_error = true;
@@ -502 +544 @@
  * just get the needed size the tag would consume
  */
-bool asn1_peek_tag_needed_size(struct asn1_data *data, uint8_t tag, size_t *size)
+static bool asn1_peek_tag_needed_size(struct asn1_data *data, uint8_t tag,
+                                      size_t *size)
 {
         off_t start_ofs = data->ofs;
@@ -771 +814 @@
         }
 
-        asn1_read(data, blob.data, len);
-        asn1_end_tag(data);
-        if (data->has_error) {
+        if (!asn1_read(data, blob.data, len)) return false;
+        if (!asn1_end_tag(data)) {
                 data_blob_free(&blob);
                 return false;
@@ -818 +860 @@
                 return false;
         }
-        asn1_read(data, *s, len);
         (*s)[len] = 0;
-        return !data->has_error;
+        return asn1_read(data, *s, len);
 }
 
@@ -845 +886 @@
         }
         *blob = data_blob_talloc(mem_ctx, NULL, len+1);
-        if (!blob->data) {
-                data->has_error = true;
-                return false;
-        }
-        asn1_read(data, blob->data, len);
-        asn1_end_tag(data);
+        if (!blob->data || blob->length < len) {
+                data->has_error = true;
+                return false;
+        }
+        if (!asn1_read(data, blob->data, len)) goto err;
+        if (!asn1_end_tag(data)) goto err;
         blob->length--;
         blob->data[len] = 0;
-        
-        if (data->has_error) {
-                data_blob_free(blob);
-                *blob = data_blob_null;
-                return false;
-        }
-        return true;
+        return true;
+
+  err:
+
+        data_blob_free(blob);
+        *blob = data_blob_null;
+        return false;
 }
 
@@ -877 +918 @@
                 return false;
         }
-        asn1_read(data, blob->data, len);
-        asn1_end_tag(data);
-        return !data->has_error;
+        if (!asn1_read(data, blob->data, len)) return false;
+        return asn1_end_tag(data);
 }
 
@@ -928 +968 @@
         if (!asn1_read_uint8(data, padding)) return false;
 
-        *blob = data_blob_talloc(mem_ctx, NULL, len);
-        if (!blob->data) {
+        *blob = data_blob_talloc(mem_ctx, NULL, len+1);
+        if (!blob->data || blob->length < len) {
                 data->has_error = true;
                 return false;
@@ -956 +996 @@
         while (!data->has_error && asn1_tag_remaining(data)>0) {
                 uint8_t b;
-                asn1_read_uint8(data, &b);
+                if (!asn1_read_uint8(data, &b)) {
+                        return false;
+                }
                 *v = (*v << 8) + b;
         }
@@ -967 +1009 @@
         uint8_t b;
         if (!asn1_start_tag(data, ASN1_ENUMERATED)) return false;
-        asn1_read_uint8(data, &b);
-        asn1_end_tag(data);
+        if (!asn1_read_uint8(data, &b)) return false;
+        if (!asn1_end_tag(data)) return false;
 
         if (v != b)
@@ -980 +1022 @@
 {
         if (!asn1_push_tag(data, ASN1_ENUMERATED)) return false;
-        asn1_write_uint8(data, v);
-        asn1_pop_tag(data);
-        return !data->has_error;
+        if (!asn1_write_uint8(data, v)) return false;
+        return asn1_pop_tag(data);
 }
 
@@ -1001 +1042 @@
 }
 
+bool asn1_extract_blob(struct asn1_data *asn1, TALLOC_CTX *mem_ctx,
+                       DATA_BLOB *pblob)
+{
+        DATA_BLOB blob;
+
+        if (!asn1_blob(asn1, &blob)) {
+                return false;
+        }
+
+        *pblob = (DATA_BLOB) { .length = blob.length };
+        pblob->data = talloc_move(mem_ctx, &blob.data);
+
+        /*
+         * Stop access from here on
+         */
+        asn1->has_error = true;
+
+        return true;
+}
+
 /*
   Fill in an asn1 struct without making a copy
@@ -1011 +1072 @@
 }
 
-/*
-  check if a ASN.1 blob is a full tag
-*/
-NTSTATUS asn1_full_tag(DATA_BLOB blob, uint8_t tag, size_t *packet_size)
-{
-        struct asn1_data *asn1 = asn1_init(NULL);
-        int size;
-
-        NT_STATUS_HAVE_NO_MEMORY(asn1);
-
-        asn1->data = blob.data;
-        asn1->length = blob.length;
-        asn1_start_tag(asn1, tag);
-        if (asn1->has_error) {
-                talloc_free(asn1);
-                return STATUS_MORE_ENTRIES;
-        }
-        size = asn1_tag_remaining(asn1) + asn1->ofs;
-
-        talloc_free(asn1);
-
-        if (size > blob.length) {
-                return STATUS_MORE_ENTRIES;
-        }
-
-        *packet_size = size;
-        return NT_STATUS_OK;
-}
-
-NTSTATUS asn1_peek_full_tag(DATA_BLOB blob, uint8_t tag, size_t *packet_size)
+int asn1_peek_full_tag(DATA_BLOB blob, uint8_t tag, size_t *packet_size)
 {
         struct asn1_data asn1;
@@ -1052 +1084 @@
         ok = asn1_peek_tag_needed_size(&asn1, tag, &size);
         if (!ok) {
-                return NT_STATUS_INVALID_BUFFER_SIZE;
+                return EMSGSIZE;
         }
 
         if (size > blob.length) {
                 *packet_size = size;
-                return STATUS_MORE_ENTRIES;
+                return EAGAIN;
         }               
 
         *packet_size = size;
-        return NT_STATUS_OK;
-}
+        return 0;
+}