[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: (ITS#6215) liblber problems

Fixed the above, including malformed bitstrings and set/sequences.

Need decision on decode(bad INTEGER/BOOLEAN) and encode(bad tag):

> - decode.c is quite lax about what it accepts.  Should we tighten
>   that when feasible, or remain "liberal in what we accept"?
>   E.g. it accepts BER INTEGER length 0 and BOOLEAN length != 1, and
>   wrong CONSTRUCTED/PRIMITIVE encoding bit.
> - encode.c willingly stores broken identifier octets if passed an
>   invalid tag, e.g. a single octet with low bits 0x1F implying long tag
>   format.  I'm inclined to leave that alone, caller's responsibility.

API matters:

I'll export the new function ber_peek_element().  And if nobody
disagrees, the matching function ber_skip_element() even though
that is nearly a duplicate of ber_get_stringbv(,, LBER_BV_NOTERM).