[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: (ITS#6215) liblber problems

To: openldap-its@OpenLDAP.org
Subject: Re: (ITS#6215) liblber problems
From: h.b.furuseth@usit.uio.no
Date: Wed, 29 Jul 2009 13:50:03 GMT
Auto-submitted: auto-generated (OpenLDAP-ITS)

Fixing this, and some other problems:

- decode.c incorrectly treats length octet 0x80 (indefinite-length)
  as long length = 0.  Fixing to returning an error.
- Overly complex and inefficient code, in particular encode.c.
  Rewriting.  Removing struct seqorset and related allocations.
- Missing overflow/max-size checks.
- ber_scanf() *must* clean up properly on error, as the code notes.
  Currently it can crash when reading malformed elements.

Both encode.c and decode.c mostly access the Ber data "properly" via
ber_write()/ber_read() but sometimes accesses the buffer directly.
Can clean up and speed up at the same time by collecting that in
fewer places.

Side effects:

- Dropping ber_write(,,,nonzero) support.  Any callers likey need
  to use BerElement.ber_sos_ptr/ber_sos_inner, the struct seqorset
  replacement.
- Dropping ber_log_sos_dump() and ber_sos_dump(), leaving behind
  stubs.  They'd need a new ber parameter to work.


Other matters - questions:

- decode.c is quite lax about what it accepts.  Should we tighten
  that when feasible, or remain "liberal in what we accept"?

  E.g. it accepts BER INTEGER length 0 and BOOLEAN length != 1, and
  wrong CONSTRUCTED/PRIMITIVE encoding bit.

- encode.c willingly stores broken identifier octets if passed an
  invalid tag, e.g. a single octet with low bits 0x1F implying long tag
  format.  I'm inclined to leave that alone, caller's responsibility.

-- 
Hallvard

Prev by Date: Re: (ITS#6232) OpenLDAP 2.4.17 fails to compile with --with-tls=gnutls
Next by Date: Re: (ITS#6225) GSSAPI support for client library (fixes)
Index(es):
- Chronological
- Thread