diff options
Diffstat (limited to 'src/libstrongswan/asn1/asn1_parser.c')
-rw-r--r-- | src/libstrongswan/asn1/asn1_parser.c | 70 |
1 files changed, 61 insertions, 9 deletions
diff --git a/src/libstrongswan/asn1/asn1_parser.c b/src/libstrongswan/asn1/asn1_parser.c index e7b7a428d..4d5f799b7 100644 --- a/src/libstrongswan/asn1/asn1_parser.c +++ b/src/libstrongswan/asn1/asn1_parser.c @@ -1,8 +1,7 @@ /* * Copyright (C) 2006 Martin Will - * Copyright (C) 2000-2008 Andreas Steffen - * - * Hochschule fuer Technik Rapperswil + * Copyright (C) 2000-2017 Andreas Steffen + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the @@ -76,12 +75,18 @@ struct private_asn1_parser_t { * Current parsing pointer for each level */ chunk_t blobs[ASN1_MAX_LEVEL + 2]; + + /** + * Parsing a CHOICE on the current level ? + */ + bool choice[ASN1_MAX_LEVEL + 2]; + }; METHOD(asn1_parser_t, iterate, bool, private_asn1_parser_t *this, int *objectID, chunk_t *object) { - chunk_t *blob, *blob1; + chunk_t *blob, *blob1, blob_ori; u_char *start_ptr; u_int level; asn1Object_t obj; @@ -97,7 +102,7 @@ METHOD(asn1_parser_t, iterate, bool, return FALSE; } - if (obj.flags & ASN1_END) /* end of loop or option found */ + if (obj.flags & ASN1_END) /* end of loop or choice or option found */ { if (this->loopAddr[obj.level] && this->blobs[obj.level+1].len > 0) { @@ -106,13 +111,42 @@ METHOD(asn1_parser_t, iterate, bool, } else { - this->loopAddr[obj.level] = 0; /* exit loop or option*/ + this->loopAddr[obj.level] = 0; /* exit loop */ + + if (obj.flags & ASN1_CHOICE) /* end of choices */ + { + if (this->choice[obj.level+1]) + { + DBG1(DBG_ASN, "L%d - %s: incorrect choice encoding", + this->level0 + obj.level, obj.name); + this->success = FALSE; + goto end; + } + } + + if (obj.flags & ASN1_CH) /* end of choice */ + { + /* parsed a valid choice */ + this->choice[obj.level] = FALSE; + + /* advance to end of choices */ + do + { + this->line++; + } + while (!((this->objects[this->line].flags & ASN1_END) && + (this->objects[this->line].flags & ASN1_CHOICE) && + (this->objects[this->line].level == obj.level-1))); + this->line--; + } + goto end; } } level = this->level0 + obj.level; blob = this->blobs + obj.level; + blob_ori = *blob; blob1 = blob + 1; start_ptr = blob->ptr; @@ -129,7 +163,6 @@ METHOD(asn1_parser_t, iterate, bool, } /* handle ASN.1 options */ - if ((obj.flags & ASN1_OPT) && (blob->len == 0 || *start_ptr != obj.type)) { @@ -144,7 +177,6 @@ METHOD(asn1_parser_t, iterate, bool, } /* an ASN.1 object must possess at least a tag and length field */ - if (blob->len < 2) { DBG1(DBG_ASN, "L%d - %s: ASN.1 object smaller than 2 octets", @@ -167,8 +199,16 @@ METHOD(asn1_parser_t, iterate, bool, blob->ptr += blob1->len; blob->len -= blob1->len; - /* return raw ASN.1 object without prior type checking */ + /* handle ASN.1 choice without explicit context encoding */ + if ((obj.flags & ASN1_CHOICE) && obj.type == ASN1_EOC) + { + DBG2(DBG_ASN, "L%d - %s:", level, obj.name); + this->choice[obj.level+1] = TRUE; + *blob1 = blob_ori; + goto end; + } + /* return raw ASN.1 object without prior type checking */ if (obj.flags & ASN1_RAW) { DBG2(DBG_ASN, "L%d - %s:", level, obj.name); @@ -209,6 +249,18 @@ METHOD(asn1_parser_t, iterate, bool, } } + /* In case of a "CHOICE" start to scan for exactly one valid choice */ + if (obj.flags & ASN1_CHOICE) + { + if (blob1->len == 0) + { + DBG1(DBG_ASN, "L%d - %s: contains no choice", level, obj.name); + this->success = FALSE; + goto end; + } + this->choice[obj.level+1] = TRUE; + } + if (obj.flags & ASN1_OBJ) { object->ptr = start_ptr; |