[erlang-patches] ASN.1 Long Definite Length

Kenneth Lundin <>
Wed May 18 18:33:27 CEST 2011


Hi Vance,

Thanks for finding the bugs (which I think only have impact if the
indata in incorrect)
But of course it is not good if incorrect input can cause a crash of
the Erlang VM.

I will correct it in a slightly different way.

/Regards Kenneth

On Mon, May 16, 2011 at 5:13 PM, Henrik Nord <> wrote:
> On 05/15/2011 03:49 AM, Vance Shipley wrote:
>>
>> The asn1_erl_driver driver does not perform adequate bounds
>> checking in the case where the length value of a TLV is a
>> Long Definite Length.  The following demonstrates the problem:
>>
>>      Eshell V5.8.3  (abort with ^G)
>>      1>  asn1rt_ber_bin_v2:decode(<<252,255,255,255,255,255,255,255>>,
>> driver).
>>      Segmentation fault
>>
>> The attached patch adds a test to determine if the calculated length
>> has overflowed the size of the variable used to store it.  With the
>> patch applied:
>>
>>      Eshell V5.8.3  (abort with ^G)
>>      1>  asn1rt_ber_bin_v2:decode(<<252,255,255,255,255,255,255,255>>,
>> driver).
>>      ** exception exit: {error,{asn1,{"bad length field after byte:",5,
>>
>> <<"\374\377\377\377\377\377\377\377">>}}}
>>           in function  asn1rt_ber_bin_v2:handle_error/2
>>
>> I will submit a full patch with a test suite if you'd like me to.
>>
> Hello
> A full patch, with test suite and proper commit msg is preferred
> more info is found on https://github.com/erlang/otp/wiki
>
>
> I will include these mail-patches in 'pu' now, and let you know if something
> breaks.
>
> Thank you for the contribution!
>
> --
> /Henrik Nord Erlang/OTP
>
> _______________________________________________
> erlang-patches mailing list
> 
> http://erlang.org/mailman/listinfo/erlang-patches
>


More information about the erlang-patches mailing list