[erlang-patches] ASN.1 Long Definite Length

Kenneth Lundin kenneth.lundin@REDACTED
Wed May 18 18:33:27 CEST 2011


Hi Vance,

Thanks for finding the bugs (which I think only have impact if the
indata is incorrect).
But of course it is not good if incorrect input can cause a crash of
the Erlang VM.

I will correct it in a slightly different way.

/Regards Kenneth

On Mon, May 16, 2011 at 5:13 PM, Henrik Nord <henrik@REDACTED> wrote:
> On 05/15/2011 03:49 AM, Vance Shipley wrote:
>>
>> The asn1_erl_driver driver does not perform adequate bounds
>> checking in the case where the length value of a TLV is a
>> Long Definite Length.  The following demonstrates the problem:
>>
>>      Eshell V5.8.3  (abort with ^G)
>>      1>  asn1rt_ber_bin_v2:decode(<<252,255,255,255,255,255,255,255>>, driver).
>>      Segmentation fault
>>
>> The attached patch adds a test to determine if the calculated length
>> has overflowed the size of the variable used to store it.  With the
>> patch applied:
>>
>>      Eshell V5.8.3  (abort with ^G)
>>      1>  asn1rt_ber_bin_v2:decode(<<252,255,255,255,255,255,255,255>>, driver).
>>      ** exception exit: {error,{asn1,{"bad length field after byte:",5,
>>                          <<"\374\377\377\377\377\377\377\377">>}}}
>>           in function  asn1rt_ber_bin_v2:handle_error/2
>>
>> I will submit a full patch with a test suite if you'd like me to.
>>
> Hello
> A full patch, with test suite and proper commit msg, is preferred.
> More info is found on https://github.com/erlang/otp/wiki
>
>
> I will include these mail-patches in 'pu' now, and let you know if something
> breaks.
>
> Thank you for the contribution!
>
> --
> /Henrik Nord Erlang/OTP
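
A bounds-checked parse of a BER long definite length, as an added example that is not part of the original thread and is neither the asn1_erl_driver code nor the patch under discussion. `ber_read_length` and `check_tlv` are hypothetical names, and the tag is assumed to occupy a single octet.

```c
#include <stddef.h>
#include <stdint.h>

/* Hypothetical helper, not the asn1_erl_driver code. Parses the length
 * octets of a BER TLV starting at buf[*pos] and stores the content length
 * in *out. Returns 0 on success, -1 on malformed or oversized input. */
int ber_read_length(const uint8_t *buf, size_t buf_len, size_t *pos, size_t *out)
{
    if (*pos >= buf_len)
        return -1;                      /* no length octet at all */
    uint8_t first = buf[(*pos)++];

    if ((first & 0x80) == 0) {          /* short definite form: 0..127 */
        *out = first;
    } else {
        size_t n = first & 0x7F;        /* number of subsequent length octets */
        if (n == 0 || n == 0x7F)
            return -1;                  /* indefinite form not handled here; 0xFF is reserved */
        if (n > buf_len - *pos)
            return -1;                  /* length octets run past the input */
        size_t len = 0;
        for (size_t i = 0; i < n; i++) {
            if (len > (SIZE_MAX >> 8))
                return -1;              /* next shift would overflow size_t */
            len = (len << 8) | buf[(*pos)++];
        }
        *out = len;
    }
    if (*out > buf_len - *pos)
        return -1;                      /* declared content exceeds what is left */
    return 0;
}

/* Constructed sample inputs: the 8 bytes from the report, and a valid
 * long-form TLV (tag 0x04, length 0x81 0x03, three content bytes). */
static const uint8_t report_input[] = {252,255,255,255,255,255,255,255};
static const uint8_t valid_input[]  = {0x04, 0x81, 0x03, 'a', 'b', 'c'};

/* Skips a single-octet tag, then parses the length. */
int check_tlv(const uint8_t *buf, size_t buf_len, size_t *content_len)
{
    size_t pos = 1;
    return ber_read_length(buf, buf_len, &pos, content_len);
}
```

The overflow test runs before each shift, so the accumulated value never wraps, and the final comparison rejects any declared length larger than the bytes actually remaining.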


