bit_string and bit_string_flags decoders crash on some invalid inputs
#26
Comments
|
Thanks for the fix! Just tested it and it works like a charm! |
|
The range of unused bits is a pure bug: X.690:
Fixed here. The issue of partial last byte is more subtle. The canonical (and accurate) representation of bit strings is Of course the real problem is a lack of a proper custom type without the heroic 64-fold size blowup of Thanks for the report and the handy repro! |
CHANGES: * disallow various constructs as suggested by ITU-T Rec X.690 (by @pqwy) * redundant OID component forms (X.690 8.20.2) * redundant integer forms (X.690 8.3.2) * empty integer (X.690 8.3.1, reported in mirleft/ocaml-asn1-combinators#23 by @emillon) * constructed strings in DER * deeper implict -> explicit over choice (follow-up to v0.2.0 entry, by @pqwy) * handle long-form length overflow (reported in mirleft/ocaml-asn1-combinators#24 by @emillon, fixed by @pqwy) * disallow primitive with indefinite length (introduced in the bugfix above, reported by @emillon, fixed in mirleft/ocaml-asn1-combinators#32 by @hannesm) * disallow nonsensical bitstring unused values (X690 8.6.2, reported in mirleft/ocaml-asn1-combinators#26 by @NathanReb, fixed by @pqwy) * fix non-continuous bit_string_flags (X680 22.6, reported in mirleft/ocaml-asn1-combinators#25 by @wiml, fixed by @pqwy) * use Alcotest instead of oUnit for unit tests (by @pqwy) * use dune as build system (by @pqwy, superseeds mirleft/ocaml-asn1-combinators#22) * use bigarray-compat (mirleft/ocaml-asn1-combinators#27 by @TheLortex) and stdlib-shims (mirleft/ocaml-asn1-combinators#29 by @XVilka) * raise lower bound to OCaml 4.05.0 (mirleft/ocaml-asn1-combinators#31 by @hannesm)
|
thanks for the report, this has been fixed and is now part of the 0.2.1 release. |
I recently stumbled upon a bug. A
bit_stringor abit_string_flagdecoder seem to fail on some invalid inputs with anInvalid_argument "Array.init"instead of returning a parsing error. Running those simple examples should reproduce the issue:or
The crash seems to happen when the first octet specifying the number of insignificant bits in the last octet has an inconsistent value per se or given the rest of the bit string.
Trying to decode
0x030101will fail same as0x03036a0303.Note that the
bit_string_csisn't affected by the bug in the sense that it doesn't result in a crash but just returns whatever the bit string contains without the first octet encoding the insignificant bits.This might not be the best behaviour. I'm guessing most people use the
bit_string_csin places where the first octet is always0x00such as in X509 SubjectPublicKeyInfo so they shouldn't be affected but it does seem a bit unsafe to just discard the first octet in those cases if it's not0x00.I guess a decent alternative would be to add an
(int * Cstruct.t) Asn.S.twith theintbeing the number of insignificant bits in the last octet of theCstruct.t.bit_string_cscould then be built on top of that and check that the first element is0.I'm of course happy to help by providing any further detail you'd need or even a patch.
The text was updated successfully, but these errors were encountered: