[erlang-patches] ASN.1 Long Definite Length

Henrik Nord henrik@REDACTED
Mon May 16 17:13:49 CEST 2011


On 05/15/2011 03:49 AM, Vance Shipley wrote:
> The asn1_erl_driver driver does not perform adequate bounds
> checking in the case where the length value of a TLV is a
> Long Definite Length.  The following demonstrates the problem:
>
>       Eshell V5.8.3  (abort with ^G)
>       1>  asn1rt_ber_bin_v2:decode(<<252,255,255,255,255,255,255,255>>, driver).
>       Segmentation fault
>
> The attached patch adds a test to determine if the calculated length
> has overflowed the size of the variable used to store it.  With the
> patch applied:
>
>       Eshell V5.8.3  (abort with ^G)
>       1>  asn1rt_ber_bin_v2:decode(<<252,255,255,255,255,255,255,255>>, driver).
>       ** exception exit: {error,{asn1,{"bad length field after byte:",5,
>                                        <<"\374\377\377\377\377\377\377\377">>}}}
>            in function  asn1rt_ber_bin_v2:handle_error/2
>
> I will submit a full patch with a test suite if you'd like me to.
>
Hello
A full patch, with test suite and proper commit msg is preferred
more info is found on https://github.com/erlang/otp/wiki


I will include these mail-patches in 'pu' now, and let you know if 
something breaks.

Thank you for the contribution!

-- 
/Henrik Nord Erlang/OTP




More information about the erlang-patches mailing list