sysadmin/ipxe
1
0
Fork 0
mirror of https://github.com/ipxe/ipxe synced 2025-12-21 12:30:20 +03:00
Code Issues Packages Projects Releases Wiki Activity

[crypto] Allow for zero-length ASN.1 cursors

Browse Source 
The assumption in asn1_type() that an ASN.1 cursor will always contain
a type byte is incorrect.  A cursor that has been cleanly invalidated
via asn1_invalidate_cursor() will contain a type byte, but there are
other ways in which to arrive at a zero-length cursor.

Fix by explicitly checking the cursor length in asn1_type().  This
allows asn1_invalidate_cursor() to be reduced to simply zeroing the
length field.

Signed-off-by: Michael Brown <mcb30@ipxe.org>
This commit is contained in:
Michael Brown
2016-03-11 16:51:13 +00:00
parent 05dcb07cb2
commit 5a6ed90a00
2 changed files with 14 additions and 14 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
src/include/ipxe/asn1.h
View File

@@ -314,15 +314,27 @@ struct asn1_bit_string {
unsigned int unused;
} __attribute__ (( packed ));
/**
* Invalidate ASN.1 object cursor
*
* @v cursor ASN.1 object cursor
*/
static inline __attribute__ (( always_inline )) void
asn1_invalidate_cursor ( struct asn1_cursor *cursor ) {
cursor->len = 0;
}
/**
* Extract ASN.1 type
*
* @v cursor ASN.1 object cursor
* @ret type Type
* @ret type Type, or ASN1_END if cursor is invalid
*/
static inline __attribute__ (( always_inline )) unsigned int
asn1_type ( const struct asn1_cursor *cursor ) {
return ( *( ( const uint8_t * ) cursor->data ) );
const uint8_t *type = cursor->data;
return ( ( cursor->len >= sizeof ( *type ) ) ? *type : ASN1_END );
}
extern void asn1_invalidate_cursor ( struct asn1_cursor *cursor );