[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: (ITS#6215) liblber problems

Fixing this, and some other problems:

- decode.c incorrectly treats length octet 0x80 (indefinite-length)
  as long length = 0.  Fixing to returning an error.
- Overly complex and inefficient code, in particular encode.c.
  Rewriting.  Removing struct seqorset and related allocations.
- Missing overflow/max-size checks.
- ber_scanf() *must* clean up properly on error, as the code notes.
  Currently it can crash when reading malformed elements.

Both encode.c and decode.c mostly access the Ber data "properly" via
ber_write()/ber_read() but sometimes accesses the buffer directly.
Can clean up and speed up at the same time by collecting that in
fewer places.

Side effects:

- Dropping ber_write(,,,nonzero) support.  Any callers likey need
  to use BerElement.ber_sos_ptr/ber_sos_inner, the struct seqorset
- Dropping ber_log_sos_dump() and ber_sos_dump(), leaving behind
  stubs.  They'd need a new ber parameter to work.

Other matters - questions:

- decode.c is quite lax about what it accepts.  Should we tighten
  that when feasible, or remain "liberal in what we accept"?

  E.g. it accepts BER INTEGER length 0 and BOOLEAN length != 1, and
  wrong CONSTRUCTED/PRIMITIVE encoding bit.

- encode.c willingly stores broken identifier octets if passed an
  invalid tag, e.g. a single octet with low bits 0x1F implying long tag
  format.  I'm inclined to leave that alone, caller's responsibility.