author | David Howells <dhowells@redhat.com> | 2015-08-05 13:54:46 +0200 |
---|---|---|
committer | David Howells <dhowells@redhat.com> | 2015-08-05 14:38:07 +0200 |
commit | 233ce79db4b23a174bcf30bde5d6ad913d5f46d3 (patch) | |
tree | fdf3021db1ab8f6d71908b6cc2a2e3afba94fb21 /scripts/asn1_compiler.c | |
parent | ASN.1: Fix non-match detection failure on data overrun (diff) | |
ASN.1: Handle 'ANY OPTIONAL' in grammar

An ANY object in an ASN.1 grammar that is marked OPTIONAL should be skipped
if there is no more data to be had.

This can be tested by editing X.509 certificates or PKCS#7 messages to
remove the NULL from subobjects that look like the following:

    SEQUENCE {
      OBJECT(2a864886f70d01010b);
      NULL();
    }

This is an algorithm identifier plus an optional parameter.

The modified DER can be passed to one of:

    keyctl padd asymmetric "" @s </tmp/modified.x509
    keyctl padd pkcs7_test foo @s </tmp/modified.pkcs7

It should work okay with the patch and produce EBADMSG without.

Signed-off-by: David Howells <dhowells@redhat.com>
Tested-by: Marcel Holtmann <marcel@holtmann.org>
Reviewed-by: David Woodhouse <David.Woodhouse@intel.com>
Diffstat (limited to 'scripts/asn1_compiler.c')
-rw-r--r-- | scripts/asn1_compiler.c | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/scripts/asn1_compiler.c b/scripts/asn1_compiler.c index 0515bced929a..1c75e22b6385 100644 --- a/scripts/asn1_compiler.c +++ b/scripts/asn1_compiler.c @@ -1401,7 +1401,8 @@ static void render_element(FILE *out, struct element *e, struct element *tag) act = e->action ? "_ACT" : ""; switch (e->compound) { case ANY: - render_opcode(out, "ASN1_OP_%sMATCH_ANY%s,", cond, act); + render_opcode(out, "ASN1_OP_%sMATCH_ANY%s%s,", + cond, act, skippable ? "_OR_SKIP" : ""); if (e->name) render_more(out, "\t\t// %*.*s", (int)e->name->size, (int)e->name->size, |
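Review bot: the new third `%s` in the `case ANY:` branch of render_element() is selected by `skippable`, which is neither declared nor assigned in the visible context of this hunk, so confirm that it reflects the OPTIONAL status of the element `e` being rendered at this point. The format string can now emit opcode names carrying an `_OR_SKIP` suffix placed after the `act` suffix; because the diffstat shown is limited to scripts/asn1_compiler.c, also check that the decoder's opcode definitions cover every name this line can produce for each combination of `cond`, `act` and the new suffix, and that the decoder treats running out of data on those opcodes as a skip rather than the EBADMSG the commit message mentions. A one-line comment above the render_opcode() call stating that an OPTIONAL ANY is skipped when no data remains would document the intent.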