neels has uploaded this change for review. ( https://gerrit.osmocom.org/c/libasn1c/+/37986?usp=email )
Change subject: coverity CID#27223
coverity CID#27223
Make sure that bits_unused cannot subtract more bits than present in st->size.
Especially when st->size == 0, this ensures that sizeinunits is also 0, and that a st->size == 0 hence never enters the while (sizeinunits) loop.
Change-Id: Ib4d4d08dde9dc01403a62493ab6ae8b853b8a1ec
---
M src/OCTET_STRING.c
1 file changed, 9 insertions(+), 2 deletions(-)
git pull ssh://gerrit.osmocom.org:29418/libasn1c refs/changes/86/37986/1
diff --git a/src/OCTET_STRING.c b/src/OCTET_STRING.c index 959c32e..d8f0f69 100644 --- a/src/OCTET_STRING.c +++ b/src/OCTET_STRING.c @@ -1699,6 +1699,7 @@ unsigned int unit_bits; unsigned int canonical_unit_bits; unsigned int sizeinunits; + unsigned int unused; const uint8_t *buf; int ret; enum { @@ -1728,7 +1729,11 @@ case ASN_OSUBV_BIT: canonical_unit_bits = unit_bits = 1; bpc = OS__BPC_BIT; - sizeinunits = st->size * 8 - (st->bits_unused & 0x07); + sizeinunits = st->size * 8; + /* make sure sizeinunits cannot wrap past zero (especially when st->size == 0). */ + unused = st->bits_unused & 0x07; + if (unused <= sizeinunits) + sizeinunits -= unused; ASN_DEBUG("BIT STRING of %d bytes, %d bits unused", sizeinunits, st->bits_unused); break; @@ -1827,8 +1832,10 @@ ret = OCTET_STRING_per_put_characters(po, buf, maySave, bpc, unit_bits, cval->lower_bound, cval->upper_bound, pc); - } else { + } else if (buf) { ret = per_put_many_bits(po, buf, maySave * unit_bits); + } else { + _ASN_ENCODE_FAILED; } if(ret) _ASN_ENCODE_FAILED;
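Review bot: in the @@ -1728,7 +1729,11 @@ hunk, when `unused > sizeinunits` the subtraction is skipped silently and encoding continues with an inconsistent BIT STRING (non-zero bits_unused with no bits to take them from). Since unused is masked to 0..7 and sizeinunits is st->size * 8, that branch is only reachable when sizeinunits is 0, so it would be clearer to treat it as an error and add an else with _ASN_ENCODE_FAILED, or at least log it, rather than encode as if bits_unused were 0. Separately, the ASN_DEBUG line in the trailing context labels sizeinunits as "bytes" although it now holds a bit count, and prints the raw st->bits_unused rather than the masked `unused`; both are unsigned but formatted with %d.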
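Review bot: in the @@ -1827,8 +1832,10 @@ hunk, the NULL check covers only the per_put_many_bits() branch; the OCTET_STRING_per_put_characters(po, buf, ...) call in the branch above still receives buf unchecked. If buf can be NULL at this point, test it once before the if/else chain so both branches are covered. The commit message explains only the sizeinunits change, so please also state there which path the `else if (buf)` guard is meant to close, and whether a NULL buf with `maySave * unit_bits` equal to 0 should really fail the encode instead of emitting nothing.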