[Date Prev][Date Next] [Chronological] [Thread] [Top]

(ITS#8516) TAG decoding incorrect when longer than 1 byte

To: openldap-its@OpenLDAP.org
Subject: (ITS#8516) TAG decoding incorrect when longer than 1 byte
From: elecharny@apache.org
Date: Tue, 11 Oct 2016 16:10:26 +0000
Auto-submitted: auto-generated (OpenLDAP-ITS)

Full_Name: Emmanuel Lecjarny
Version: 2.4.44
OS: 
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (90.92.161.247)


IMO, the code that deal with tags in the lber decode.c ber_tag_and_rest() method
is incorrectly decoding tags that are longer than 1 byte. Not that it is a huge
problem for OpenLDAP, because we always use 1 byte long tags, but from the ASN.1
BER decoding POV, that wilbrbreak when having a 2 bytes long tag :

 116     do {
 117         if ( rest <= 0 ) {
 118             break;
 119         }
 120         tag <<= 8;
 121         tag |= *ptr++ & 0xffU;
 122         rest--;
 123 
 124         if ( ! (tag & LBER_MORE_TAG_MASK) ) {
 125             goto done;
 126         }
 127     } while ( tag <= (ber_tag_t)-1 / 256 );


should read

 114     tag = (ber_tag_t) 0x00U;
 115
 116     do {
 117         if ( rest <= 0 ) {
 118             break;
 119         }
 120         tag <<= 7;
 121         tag |= *ptr++ & 0x7fU;
 122         rest--;
 123 
 124         if ( ! (tag & LBER_MORE_TAG_MASK) ) {
 125             goto done;
 126         }
 127     } while ( tag <= (ber_tag_t)-1 / 256 );

The reason being that BER encoding for Tags when longer than 1 byte looks like
:

[class|P/C|11111] - [1|uuu uuuu] - [1|uuu uuuu] - [1|uuu uuuu] - ... - [0|uuu
uuuu] 
     byte 1            byte 2          byte 3         byte 4               byte
N

 and the 'uuu uuuu' parts are only 7 bits long.

Prev by Date: Re: (ITS#8515) => mdb_idl_insert_keys: c_put id failed: MDB_MAP_FULL: Environment mapsize limit reached (-30792)
Next by Date: Re: (ITS#8516) TAG decoding incorrect when longer than 1 byte
Index(es):
- Chronological
- Thread