From 77a5e2a3ef14c2efab2462f412d0b2dca7ddebd8 Mon Sep 17 00:00:00 2001 From: gpotter2 Date: Sun, 24 Mar 2019 19:12:25 +0100 Subject: [PATCH 1/2] Fix SNMP infinite recursion & type detection --- scapy/asn1/ber.py | 8 ++++++-- test/regression.uts | 14 ++++++++++++++ 2 files changed, 20 insertions(+), 2 deletions(-) diff --git a/scapy/asn1/ber.py b/scapy/asn1/ber.py index bc45a1dd93f..489f4452652 100644 --- a/scapy/asn1/ber.py +++ b/scapy/asn1/ber.py @@ -264,7 +264,7 @@ def do_dec(cls, s, context=None, safe=False): if context is None: context = cls.tag.context cls.check_string(s) - p, _ = BER_id_dec(s) + p, remainder = BER_id_dec(s) if p not in context: t = s if len(t) > 18: @@ -272,6 +272,10 @@ def do_dec(cls, s, context=None, safe=False): raise BER_Decoding_Error("Unknown prefix [%02x] for [%r]" % (p, t), remaining=s) codec = context[p].get_codec(ASN1_Codecs.BER) + if codec == BERcodec_Object: + # Value type defined as Unknown + l, s = BER_num_dec(remainder) + return ASN1_BADTAG(s[:l]), s[l:] return codec.dec(s, context, safe) @classmethod @@ -294,7 +298,7 @@ def safedec(cls, s, context=None): @classmethod def enc(cls, s): - if isinstance(s, six.string_types): + if isinstance(s, (str, bytes)): return BERcodec_STRING.enc(s) else: return BERcodec_INTEGER.enc(int(s)) diff --git a/test/regression.uts b/test/regression.uts index 97fc1f5d5ea..ec392b64463 100644 --- a/test/regression.uts +++ b/test/regression.uts @@ -1155,6 +1155,20 @@ assert SNMP in z x = UDP()/SNMP() assert x.sport == x.dport == 161 += Basic SNMPvarbind build +~ SNMP ASN1 +x = SNMPvarbind(oid=ASN1_OID("1.3.6.1.2.1.1.4.0"), value=RandBin()) +x = SNMPvarbind(raw(x)) +assert isinstance(x.value, ASN1_STRING) + += Failing SNMPvarbind dissection +~ SNMP ASN1 +try: + SNMP('0a\x02\x01\x00\x04\x06public\xa3T\x02\x02D\xd0\x02\x01\x00\x02\x01\x000H0F\x06\x08+\x06\x01\x02\x01\x01\x05\x00\x00\x03\x01\x02D\x00\x03\x01\x02D\x00\x03\x01\x02D\x00\x03\x01\x02D\x00\x03\x01\x02D\x00\x03\x01\x02D\x00\x03\x01\x02D\x00\x03\x01\x02D\x00\x03\x01\x02D\x00\x03\x01\x02D\x00\x03\x01\x02D\x00\x03\x01\x02D') + assert False +except BER_Decoding_Error: + pass + = ASN1 - ASN1_Object assert ASN1_Object(1) == ASN1_Object(1) assert ASN1_Object(1) > ASN1_Object(0) From 6025d9eb7706a31bad7acc8592b0ac00d7f75559 Mon Sep 17 00:00:00 2001 From: Pierre Lalet Date: Mon, 25 Mar 2019 10:11:35 +0100 Subject: [PATCH 2/2] Better string type test Co-Authored-By: gpotter2 --- scapy/asn1/ber.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scapy/asn1/ber.py b/scapy/asn1/ber.py index 489f4452652..d6c6b1498c1 100644 --- a/scapy/asn1/ber.py +++ b/scapy/asn1/ber.py @@ -298,7 +298,7 @@ def safedec(cls, s, context=None): @classmethod def enc(cls, s): - if isinstance(s, (str, bytes)): + if isinstance(s, six.string_types + (bytes,)): return BERcodec_STRING.enc(s) else: return BERcodec_INTEGER.enc(int(s))