Committed rev 3504.

On 4/28/08, Aktiv Co. Aleksey Samsonov <[EMAIL PROTECTED]> wrote:
> Patch
> opensc-0.11.4.trunk-r3502-fix-segv_print_tags_asn1.diff
> (for trunk revision 3502) is a draft.
>
>
>  Example 1 (SIGSEGV):
>
>  OpenSC Explorer version 0.11.4-svn
>  OpenSC [3F00]> cd ff00
>  OpenSC [3F00/FF00]> asn1 0001
>  Printing tags for buffer of length 512
>  [Switching to Thread -1211906368 (LWP 25131)]
>
>  Breakpoint 1, print_tags_recursive (buf0=0x8066060 "", buf=0x8066060 "",
>  buflen=512, depth=0)
>       at asn1.c:219
>  219             size_t bytesleft = buflen;
>  (gdb) p *(char[512]*)buf
>  $21 = '\0' <repeats 511 times>
>  (gdb) bt
>  #0  print_tags_recursive (buf0=0x8066060 "", buf=0x8066060 "",
>  buflen=512, depth=0) at asn1.c:219
>  #1  0xb7dc52d8 in sc_asn1_print_tags (buf=0x8066060 "", buflen=512) at
>  asn1.c:292
>  #2  0x0804cd9e in do_asn1 (argc=1, argv=0xbfb95864) at
>  opensc-explorer.c:1571
>  #3  0x0804d4af in main (argc=1, argv=0xbfb95974) at opensc-explorer.c:1780
>  (gdb) until 230
>  print_tags_recursive (buf0=0x8066060 "", buf=0x8066060 "", buflen=512,
>  depth=0) at asn1.c:230
>  230                     r = sc_asn1_read_tag(&tagp, bytesleft, &cla,
>  &tag, &len);
>  (gdb) p/x cla
>  $22 = 0xb7eea718
>  (gdb) p/x tag
>  $23 = 0xb7d9f8c8
>  (gdb) s
>  sc_asn1_read_tag (buf=0xbfb9572c, buflen=512, cla_out=0xbfb95734,
>  tag_out=0xbfb95730, taglen=0xbfb95728)
>       at asn1.c:56
>  56              const u8 *p = *buf;
>  (gdb)
>  57              size_t left = buflen, len;
>  (gdb)
>  60              if (left < 2)
>  (gdb)
>  62              *buf = NULL;
>  (gdb)
>  63              if (*p == 0xff || *p == 0)
>  (gdb)
>  65                      return SC_SUCCESS;
>  (gdb)
>  111     }
>  (gdb)
>  print_tags_recursive (buf0=0x8066060 "", buf=0x8066060 "", buflen=512,
>  depth=0) at asn1.c:231
>  231                     if (r != SC_SUCCESS) {
>  (gdb) p/x cla
>  $24 = 0xb7eea718
>  (gdb) p/x tag
>  $25 = 0xb7d9f8c8
>  (gdb) n
>  235                     hlen = tagp - p;
>  (gdb)
>  236                     if (cla == 0 && tag == 0) {
>  (gdb)
>  240                     for (i = 0; i < depth; i++) {
>  (gdb)
>  244                     printf("%02X %s: tag 0x%02X, length %3d: ",
>  (gdb)
>
>  Program received signal SIGSEGV, Segmentation fault.
>  0xb7dc5108 in print_tags_recursive (buf0=0x8066060 "", buf=0x8066060 "",
>  buflen=512, depth=0)
>       at asn1.c:244
>
>
>  Example 2 ("Illegal length!"):
>
>  $ opensc-explorer
>  OpenSC Explorer version 0.11.4-svn
>  OpenSC [3F00]> cd ff00
>  OpenSC [3F00/FF00]> asn1 0001
>  Printing tags for buffer of length 512
>  30 Univ: tag 0x10, length 120: SEQUENCE
>     30 Univ: tag 0x10, length  39: SEQUENCE
>       0C Univ: tag 0x0C, length  30: UTF8STRING [Sample Private Key
>  (Aktiv Co.)]
>       03 Univ: tag 0x03, length   2: BIT STRING [11]
>       04 Univ: tag 0x04, length   1: OCTET STRING [02]
>     30 Univ: tag 0x10, length  55: SEQUENCE
>       04 Univ: tag 0x04, length  42: OCTET STRING
> [4944206F662070616972206F66205253412073616D706C65206B6579732028416B74697620436F2E2900]
>       03 Univ: tag 0x03, length   2: BIT STRING [100]
>       03 Univ: tag 0x03, length   2: BIT STRING [11101]
>       02 Univ: tag 0x02, length   1: INTEGER [0]
>     A0 Cntx: tag 0x00, length   0:
>     A1 Cntx: tag 0x01, length  18:
>       30 Univ: tag 0x10, length  16: SEQUENCE
>         30 Univ: tag 0x10, length  10: SEQUENCE
>           04 Univ: tag 0x04, length   8: OCTET STRING [3F00FF0000000000]
>         02 Univ: tag 0x02, length   2: INTEGER [512]
>  30 Univ: tag 0x10, length 120:  Illegal length!
>  OpenSC [3F00/FF00]> cat 0001
>  00000000: 30 78 30 27 0C 1E 53 61 6D 70 6C 65 20 50 72 69
>  00000010: 76 61 74 65 20 4B 65 79 20 28 41 6B 74 69 76 20
>  00000020: 43 6F 2E 29 03 02 06 C0 04 01 02 30 37 04 2A 49
>  00000030: 44 20 6F 66 20 70 61 69 72 20 6F 66 20 52 53 41
>  00000040: 20 73 61 6D 70 6C 65 20 6B 65 79 73 20 28 41 6B
>  00000050: 74 69 76 20 43 6F 2E 29 00 03 02 05 20 03 02 03
>  00000060: B8 02 01 00 A0 00 A1 12 30 10 30 0A 04 08 3F 00
>  00000070: FF 00 00 00 00 00 02 02 02 00 00 00 00 00 00 00
>  00000080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
>  ...
>  000001F0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
>
>
>
> diff -u -r opensc-0.11.4.trunk-r3502/src/libopensc/asn1.c
> opensc-0.11.4.trunk-r3502_new/src/libopensc/asn1.c
>  --- opensc-0.11.4.trunk-r3502/src/libopensc/asn1.c
> 2008-02-29 15:37:46.000000000 +0300
>  +++ opensc-0.11.4.trunk-r3502_new/src/libopensc/asn1.c
> 2008-04-28 17:11:00.000000000 +0400
>  @@ -223,7 +223,7 @@
>         const u8 *p = buf;
>
>         while (bytesleft >= 2) {
>  -               unsigned int cla, tag, hlen;
>  +               unsigned int cla = 0, tag = 0, hlen;
>                 const u8 *tagp = p;
>                 size_t len;
>
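Review bot: Zero-initialising `cla` and `tag` makes the later `cla == 0 && tag == 0` test reliable, but the statement before it, `hlen = tagp - p;` (asn1.c:235 in the quoted trace, outside this hunk), is still evaluated while `tagp` is NULL: the trace shows sc_asn1_read_tag storing `*buf = NULL` and returning SC_SUCCESS on a 0xff/0x00 byte (asn1.c:62–65), and subtracting a pointer from a null pointer is undefined behaviour even when the result is discarded. The callee's signal for "no tag here" is the NULL it writes through `buf`, so testing that directly is both safer and clearer than the in-band `cla`/`tag` sentinel: right after the `r != SC_SUCCESS` check and before `hlen = tagp - p;`, add `if (tagp == NULL) break;  /* 0x00/0xff padding: nothing more to print */` (or whatever exit the existing `cla == 0 && tag == 0` branch takes, which is not visible here). The second report ("Illegal length!" with stale values after the real content) appears to be the same uninitialised read surfacing without a crash, so the guard covers both. The enclosing while loop and print_tags_recursive itself begin and end outside this hunk.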
>
>
>
>
>