Committed rev 3504.
On 4/28/08, Aktiv Co. Aleksey Samsonov <[EMAIL PROTECTED]> wrote:
> Patch opensc-0.11.4.trunk-r3502-fix-segv_print_tags_asn1.diff (for trunk
> revision 3502) is draft.
>
>
> Example 1 (SIGSEGV):
>
> OpenSC Explorer version 0.11.4-svn
> OpenSC [3F00]> cd ff00
> OpenSC [3F00/FF00]> asn1 0001
> Printing tags for buffer of length 512
> [Switching to Thread -1211906368 (LWP 25131)]
>
> Breakpoint 1, print_tags_recursive (buf0=0x8066060 "", buf=0x8066060 "",
>     buflen=512, depth=0) at asn1.c:219
> 219             size_t bytesleft = buflen;
> (gdb) p *(char[512]*)buf
> $21 = '\0' <repeats 511 times>
> (gdb) bt
> #0  print_tags_recursive (buf0=0x8066060 "", buf=0x8066060 "",
>     buflen=512, depth=0) at asn1.c:219
> #1  0xb7dc52d8 in sc_asn1_print_tags (buf=0x8066060 "", buflen=512) at
>     asn1.c:292
> #2  0x0804cd9e in do_asn1 (argc=1, argv=0xbfb95864) at
>     opensc-explorer.c:1571
> #3  0x0804d4af in main (argc=1, argv=0xbfb95974) at opensc-explorer.c:1780
> (gdb) until 230
> print_tags_recursive (buf0=0x8066060 "", buf=0x8066060 "", buflen=512,
>     depth=0) at asn1.c:230
> 230                     r = sc_asn1_read_tag(&tagp, bytesleft, &cla,
>                                              &tag, &len);
> (gdb) p/x cla
> $22 = 0xb7eea718
> (gdb) p/x tag
> $23 = 0xb7d9f8c8
> (gdb) s
> sc_asn1_read_tag (buf=0xbfb9572c, buflen=512, cla_out=0xbfb95734,
>     tag_out=0xbfb95730, taglen=0xbfb95728) at asn1.c:56
> 56              const u8 *p = *buf;
> (gdb)
> 57              size_t left = buflen, len;
> (gdb)
> 60              if (left < 2)
> (gdb)
> 62              *buf = NULL;
> (gdb)
> 63              if (*p == 0xff || *p == 0)
> (gdb)
> 65                      return SC_SUCCESS;
> (gdb)
> 111     }
> (gdb)
> print_tags_recursive (buf0=0x8066060 "", buf=0x8066060 "", buflen=512,
>     depth=0) at asn1.c:231
> 231                     if (r != SC_SUCCESS) {
> (gdb) p/x cla
> $24 = 0xb7eea718
> (gdb) p/x tag
> $25 = 0xb7d9f8c8
> (gdb) n
> 235                     hlen = tagp - p;
> (gdb)
> 236                     if (cla == 0 && tag == 0) {
> (gdb)
> 240                     for (i = 0; i < depth; i++) {
> (gdb)
> 244                     printf("%02X %s: tag 0x%02X, length %3d: ",
> (gdb)
>
> Program received signal SIGSEGV, Segmentation fault.
> 0xb7dc5108 in print_tags_recursive (buf0=0x8066060 "", buf=0x8066060 "",
>     buflen=512, depth=0) at asn1.c:244
>
>
> Example 2 ("Illegal length!"):
>
> $ opensc-explorer
> OpenSC Explorer version 0.11.4-svn
> OpenSC [3F00]> cd ff00
> OpenSC [3F00/FF00]> asn1 0001
> Printing tags for buffer of length 512
> 30 Univ: tag 0x10, length 120: SEQUENCE
> 30 Univ: tag 0x10, length 39: SEQUENCE
> 0C Univ: tag 0x0C, length 30: UTF8STRING [Sample Private Key (Aktiv Co.)]
> 03 Univ: tag 0x03, length 2: BIT STRING [11]
> 04 Univ: tag 0x04, length 1: OCTET STRING [02]
> 30 Univ: tag 0x10, length 55: SEQUENCE
> 04 Univ: tag 0x04, length 42: OCTET STRING [4944206F662070616972206F66205253412073616D706C65206B6579732028416B74697620436F2E2900]
> 03 Univ: tag 0x03, length 2: BIT STRING [100]
> 03 Univ: tag 0x03, length 2: BIT STRING [11101]
> 02 Univ: tag 0x02, length 1: INTEGER [0]
> A0 Cntx: tag 0x00, length 0:
> A1 Cntx: tag 0x01, length 18:
> 30 Univ: tag 0x10, length 16: SEQUENCE
> 30 Univ: tag 0x10, length 10: SEQUENCE
> 04 Univ: tag 0x04, length 8: OCTET STRING [3F00FF0000000000]
> 02 Univ: tag 0x02, length 2: INTEGER [512]
> 30 Univ: tag 0x10, length 120: Illegal length!
> OpenSC [3F00/FF00]> cat 0001
> 00000000: 30 78 30 27 0C 1E 53 61 6D 70 6C 65 20 50 72 69
> 00000010: 76 61 74 65 20 4B 65 79 20 28 41 6B 74 69 76 20
> 00000020: 43 6F 2E 29 03 02 06 C0 04 01 02 30 37 04 2A 49
> 00000030: 44 20 6F 66 20 70 61 69 72 20 6F 66 20 52 53 41
> 00000040: 20 73 61 6D 70 6C 65 20 6B 65 79 73 20 28 41 6B
> 00000050: 74 69 76 20 43 6F 2E 29 00 03 02 05 20 03 02 03
> 00000060: B8 02 01 00 A0 00 A1 12 30 10 30 0A 04 08 3F 00
> 00000070: FF 00 00 00 00 00 02 02 02 00 00 00 00 00 00 00
> 00000080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
> ...
> 000001F0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
>
>
>
> diff -u -r opensc-0.11.4.trunk-r3502/src/libopensc/asn1.c opensc-0.11.4.trunk-r3502_new/src/libopensc/asn1.c
> --- opensc-0.11.4.trunk-r3502/src/libopensc/asn1.c	2008-02-29 15:37:46.000000000 +0300
> +++ opensc-0.11.4.trunk-r3502_new/src/libopensc/asn1.c	2008-04-28 17:11:00.000000000 +0400
> @@ -223,7 +223,7 @@
>  	const u8 *p = buf;
>  
>  	while (bytesleft >= 2) {
> -		unsigned int cla, tag, hlen;
> +		unsigned int cla = 0, tag = 0, hlen;
>  		const u8 *tagp = p;
>  		size_t len;
>  
>
>
>
> _______________________________________________
> opensc-devel mailing list
> opensc-devel@lists.opensc-project.org
> http://www.opensc-project.org/mailman/listinfo/opensc-devel
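Review bot: the `cla = 0, tag = 0` initialisation in the hunk makes the existing `if (cla == 0 && tag == 0)` check at asn1.c:236 the stop condition for 0x00/0xFF filler, but it only works because sc_asn1_read_tag returns SC_SUCCESS on filler without writing any of its outputs (asn1.c:63-65 in the trace); a comment on the declaration saying that the zero initialisation is what makes the end-of-data check reliable would keep the next refactoring from dropping it. The trace also shows `hlen = tagp - p;` at line 235 running before that check, after sc_asn1_read_tag has already set `*buf = NULL` (line 62), so the subtraction is performed on a null tagp. Suggest testing `tagp == NULL` (the signal the reader actually emits) before computing hlen, or giving the filler case its own return status in sc_asn1_read_tag, so that neither caller nor reader depends on stale or unwritten locals; the trailing "length 120: Illegal length!" line in example 2 is the same stale-output symptom, and per-iteration zeroing only covers it as long as the check order stays as it is.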
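As an added illustration of the failure pattern in the trace above (this is not OpenSC's code; the reader handles only the single-byte tags and short-form lengths seen in the dump, and the sample bytes are the tail of that record followed by filler), here is a tag walker whose reader reports 0x00/0xFF filler as a distinct status, so the caller never consumes cla/tag/len that were not written:

```c
#include <stddef.h>
#include <stdint.h>
enum { TAG_ERR = -1, TAG_PADDING = 0, TAG_OK = 1 };  /* reader results */

/* Reads one single-byte tag with a short-form length (the only forms in
 * the dumps above). Filler bytes 0x00/0xFF get their own status instead
 * of "success" with cla/tag/len untouched, the pattern behind the crash. */
static int read_tag(const uint8_t **buf, size_t buflen,
                    unsigned *cla, unsigned *tag, size_t *len)
{
    const uint8_t *p = *buf;
    if (buflen < 2)
        return TAG_ERR;
    if (p[0] == 0x00 || p[0] == 0xFF)
        return TAG_PADDING;
    if ((p[0] & 0x1F) == 0x1F || (p[1] & 0x80) || (size_t)p[1] > buflen - 2)
        return TAG_ERR;             /* multi-byte forms, or "Illegal length!" */
    *cla = p[0] & 0xE0;             /* class bits plus the constructed bit */
    *tag = p[0] & 0x1F;
    *len = p[1];
    *buf = p + 2;                   /* first content byte */
    return TAG_OK;
}

/* Counts tags, descending into constructed ones; stops at padding, returns
 * -1 for a malformed tag. cla/tag/len are read only after TAG_OK. */
static int count_tags(const uint8_t *buf, size_t buflen)
{
    const uint8_t *p = buf;
    size_t left = buflen, len = 0;
    int count = 0;
    while (left >= 2) {
        const uint8_t *content = p;
        unsigned cla = 0, tag = 0;
        int inner = 0, r = read_tag(&content, left, &cla, &tag, &len);
        if (r == TAG_PADDING)
            break;
        if (r == TAG_ERR)
            return -1;
        if ((cla & 0x20) && (inner = count_tags(content, len)) < 0)
            return -1;              /* constructed: walk the value too */
        count += 1 + inner;
        left -= 2 + len;
        p = content + len;
    }
    return count;
}
/* Constructed sample: the tail of the record in the dump above, then 0x00 filler. */
static const uint8_t sample_ok[32] = { 0x30, 0x10, 0x30, 0x0A, 0x04, 0x08, 0x3F,
    0x00, 0xFF, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x02, 0x02, 0x00 };
```

Walking sample_ok yields the last four tags of example 2 (SEQUENCE, SEQUENCE, OCTET STRING, INTEGER) and stops cleanly at the filler; truncating the same bytes to 10 reproduces the "Illegal length!" rejection instead of a crash.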