sysadmin/ipxe
1
0
Fork 0
mirror of https://github.com/ipxe/ipxe synced 2026-01-03 10:23:00 +03:00
Code Issues Packages Projects Releases Wiki Activity

[crypto] Remove userptr_t from ASN.1 parsers

Browse Source 
Simplify the ASN.1 code by assuming that all objects are fully
accessible via pointer dereferences.  This allows the concept of
"additional data beyond the end of the cursor" to be removed, and
simplifies parsing of all ASN.1 image formats.

Signed-off-by: Michael Brown <mcb30@ipxe.org>
This commit is contained in:
Michael Brown
2025-04-21 22:40:59 +01:00
parent 04d0b2fdf9
commit 3f8937d2f3
10 changed files with 70 additions and 109 deletions
Download Patch File Download Diff File Expand all files Collapse all files

24
src/image/der.c
View File

@@ -28,7 +28,6 @@ FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
#include <assert.h>
#include <ipxe/asn1.h>
#include <ipxe/der.h>
#include <ipxe/uaccess.h>
#include <ipxe/image.h>
/** @file
@@ -49,7 +48,7 @@ FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
* The caller is responsible for eventually calling free() on the
* allocated ASN.1 cursor.
*/
int der_asn1 ( userptr_t data, size_t len, size_t offset,
int der_asn1 ( const void *data, size_t len, size_t offset,
struct asn1_cursor **cursor ) {
size_t remaining;
void *raw;
@@ -67,7 +66,7 @@ int der_asn1 ( userptr_t data, size_t len, size_t offset,
/* Populate cursor and data buffer */
(*cursor)->data = raw;
(*cursor)->len = remaining;
copy_from_user ( raw, data, offset, remaining );
memcpy ( raw, ( data + offset ), remaining );
/* Shrink cursor */
asn1_shrink_any ( *cursor );
@@ -83,30 +82,21 @@ int der_asn1 ( userptr_t data, size_t len, size_t offset,
*/
static int der_image_probe ( struct image *image ) {
struct asn1_cursor cursor;
uint8_t buf[8];
size_t extra;
int rc;
/* Sanity check: no realistic DER image can be smaller than this */
if ( image->len < sizeof ( buf ) )
return -ENOEXEC;
/* Prepare partial cursor */
cursor.data = buf;
cursor.len = sizeof ( buf );
copy_from_user ( buf, image->data, 0, sizeof ( buf ) );
extra = ( image->len - sizeof ( buf ) );
/* Prepare cursor */
cursor.data = image->data;
cursor.len = image->len;
/* Check that image begins with an ASN.1 sequence object */
if ( ( rc = asn1_enter_partial ( &cursor, ASN1_SEQUENCE,
&extra ) ) != 0 ) {
if ( ( rc = asn1_skip ( &cursor, ASN1_SEQUENCE ) ) != 0 ) {
DBGC ( image, "DER %s is not valid ASN.1: %s\n",
image->name, strerror ( rc ) );
return rc;
}
/* Check that image comprises a single well-formed ASN.1 object */
if ( extra != ( image->len - sizeof ( buf ) ) ) {
if ( cursor.len ) {
DBGC ( image, "DER %s is not single ASN.1\n", image->name );
return -ENOEXEC;
}