Max (Weijun) Wang wrote:
3. 584 ~ EOF
You assume that the tag occupies only one byte; that's incorrect. The tag would occupy more than one byte when it is bigger than 30. That assumption would make the following length parser code incorrect.

You assume that the end of an indefinite length is only one zero byte; that's incorrect, it is two zero bytes.

readBERInternal() reads 2 bytes at EOC, on 588 and 595.

OK, I just realized line 605 is incorrect: it will treat the content as a TLV component, which is not always correct. For example, if the indefinite-length is "0x80 0x06 0x07 0x01 0x00 0x00", "0x06 0x07 0x01" is the content bytes, the 0x06 will be parsed as the tag, the 0x07 will be parsed as the length, and then it will try to read 0x07 bytes from the stream.

If you want to support indefinite-length, I think you can simply keep reading until you get two zero bytes.

As I understand, "0x80 0x06 0x07 0x01 0x00 0x00" is not an indef-len BER.
You're right, it is not a valid indef-len BER. I will take a second look at readBERInternal() tomorrow.

Andrew
An indef-len BER is always a constructed type, which includes an array of data ended with an EOC, so it should be something like:

  TAG 0x80
           TAG1 0x02 a b
           TAG2 0x03 a b c
           0x00 0x00

The following lines are extracted from "A Layman's Guide to ASN.1, BER and DER" [1]

    In each method, the BER encoding has three or four parts:

    Identifier octets. These identify the class and tag number
    of the ASN.1 value, and indicate whether the method is
    primitive or constructed.

    Length octets. For the definite-length methods, these give
    the number of contents octets. For the constructed,
    indefinite-length method, these indicate that the length
    is indefinite.

    Contents octets. For the primitive, definite-length method,
    these give a concrete representation of the value. For the
    constructed methods, these give the concatenation of the
    BER encodings of the components of the value.

    End-of-contents octets. For the constructed, indefinite-
    length method, these denote the end of the contents. For
    the other methods, these are absent.

Max

[1] http://luca.ntop.org/Teaching/Appunti/asn1.html
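
The points raised in this thread (multi-byte tags above 30, a two-octet EOC, and indefinite-length contents being a concatenation of complete TLVs) can be seen together in a small length walker. This is an added example, not code from the thread or from the JDK; the names `read_header`, `tlv_end` and `BERError` and the sample bytes are constructed for illustration.

```python
class BERError(ValueError):
    """Raised when the input is not a well-formed BER encoding."""

def read_header(buf, pos):
    """Parse identifier and length octets at pos.
    Returns (length, contents_offset); length is None for indefinite."""
    if pos + 2 > len(buf):
        raise BERError("truncated header")
    first = buf[pos]
    pos += 1
    if first & 0x1F == 0x1F:              # tag number > 30: more identifier octets
        while True:
            if pos >= len(buf):
                raise BERError("truncated tag")
            pos += 1
            if not buf[pos - 1] & 0x80:   # high bit clear marks the last one
                break
    if pos >= len(buf):
        raise BERError("truncated length")
    b = buf[pos]
    pos += 1
    if b < 0x80:                          # short definite form
        return b, pos
    if b == 0x80:                         # indefinite form
        if not first & 0x20:
            raise BERError("indefinite length on a primitive encoding")
        return None, pos
    n = b & 0x7F                          # long definite form: n length octets
    if b == 0xFF or pos + n > len(buf):
        raise BERError("bad long-form length")
    return int.from_bytes(buf[pos:pos + n], "big"), pos + n

def tlv_end(buf, pos=0, depth=0):
    """Return the offset just past the TLV that starts at pos."""
    if depth > 32:
        raise BERError("nesting too deep")
    length, pos = read_header(buf, pos)
    if length is not None:
        if pos + length > len(buf):
            raise BERError("contents run past end of input")
        return pos + length
    # Indefinite: contents are whole TLVs, terminated by the two EOC octets.
    while buf[pos:pos + 2] != b"\x00\x00":
        pos = tlv_end(buf, pos, depth + 1)   # raises if input ends first
    return pos + 2

# Constructed sample inputs (not taken from the thread's test data).
NESTED = bytes.fromhex("3080 0402 6162 0403 616263 0000")
ZEROS_INSIDE = bytes.fromhex("3080 0402 0000 0000")
```

`ZEROS_INSIDE` carries an OCTET STRING whose value is `00 00`; walking TLV by TLV ends at offset 8, where a plain scan for two zero bytes would stop at offset 6.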
