search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
libtommath: Fix possible integer overflow CVE-2023-36328
[heimdal.git] / lib / asn1 / gen_length.c
blobab5c5f3904549b3920028ac9fcbd2337a1947724
1 /*
2 * Copyright (c) 1997 - 2005 Kungliga Tekniska Högskolan
3 * (Royal Institute of Technology, Stockholm, Sweden).
4 * All rights reserved.
5 *
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
8 * are met:
9 *
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
12 *
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in the
15 * documentation and/or other materials provided with the distribution.
16 *
17 * 3. Neither the name of the Institute nor the names of its contributors
18 * may be used to endorse or promote products derived from this software
19 * without specific prior written permission.
20 *
21 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24 * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
31 * SUCH DAMAGE.
32 */
33
34 #include "gen_locl.h"
35
36 RCSID("$Id$");
37
38 static void
39 length_primitive (const char *typename,
40 const char *name,
41 const char *variable)
42 {
43 fprintf (codefile, "%s += der_length_%s(%s);\n", variable, typename, name);
44 }
45
46 /* XXX same as der_length_tag */
47 static size_t
48 length_tag(unsigned int tag)
49 {
50 size_t len = 0;
51
52 if(tag <= 30)
53 return 1;
54 while(tag) {
55 tag /= 128;
56 len++;
57 }
58 return len + 1;
59 }
60
61
62 static int
63 length_type (const char *name, const Type *t,
64 const char *variable, const char *tmpstr)
65 {
66 switch (t->type) {
67 case TType:
68 #if 0
69 length_type (name, t->symbol->type);
70 #endif
71 fprintf (codefile, "%s += length_%s(%s);\n",
72 variable, t->symbol->gen_name, name);
73 break;
74 case TInteger:
75 if(t->members) {
76 fprintf(codefile,
77 "{\n"
78 "int enumint = *%s;\n", name);
79 length_primitive ("integer", "&enumint", variable);
80 fprintf(codefile, "}\n");
81 } else if (t->range == NULL) {
82 length_primitive ("heim_integer", name, variable);
83 } else if (t->range->min < 0 &&
84 (t->range->min < INT_MIN || t->range->max > INT_MAX)) {
85 length_primitive ("integer64", name, variable);
86 } else if (t->range->min < 0) {
87 length_primitive ("integer", name, variable);
88 } else if (t->range->max > UINT_MAX) {
89 length_primitive ("unsigned64", name, variable);
90 } else {
91 length_primitive ("unsigned", name, variable);
92 }
93 break;
94 case TBoolean:
95 fprintf (codefile, "%s += 1;\n", variable);
96 break;
97 case TEnumerated :
98 length_primitive ("enumerated", name, variable);
99 break;
100 case TOctetString:
101 length_primitive ("octet_string", name, variable);
102 break;
103 case TBitString: {
104 if (HEIM_TAILQ_EMPTY(t->members))
105 length_primitive("bit_string", name, variable);
106 else {
107 if (!rfc1510_bitstring) {
108 Member *m;
109 int pos = HEIM_TAILQ_LAST(t->members, memhead)->val;
110
111 fprintf(codefile,
112 "do {\n");
113 HEIM_TAILQ_FOREACH_REVERSE(m, t->members, memhead, members) {
114 while (m->val / 8 < pos / 8) {
115 pos -= 8;
116 }
117 fprintf (codefile,
118 "if((%s)->%s) { %s += %d; break; }\n",
119 name, m->gen_name, variable, (pos + 8) / 8);
120 }
121 fprintf(codefile,
122 "} while(0);\n");
123 fprintf (codefile, "%s += 1;\n", variable);
124 } else {
125 fprintf (codefile, "%s += 5;\n", variable);
126 }
127 }
128 break;
129 }
130 case TSet:
131 case TSequence:
132 case TChoice: {
133 Member *m, *have_ellipsis = NULL;
134
135 if (t->members == NULL)
136 break;
137
138 if(t->type == TChoice)
139 fprintf (codefile, "switch((%s)->element) {\n", name);
140
141 HEIM_TAILQ_FOREACH(m, t->members, members) {
142 char *s;
143
144 if (m->ellipsis) {
145 have_ellipsis = m;
146 continue;
147 }
148
149 if(t->type == TChoice)
150 fprintf(codefile, "case %s:\n", m->label);
151
152 if (asprintf (&s, "%s(%s)->%s%s",
153 m->optional ? "" : "&", name,
154 t->type == TChoice ? "u." : "", m->gen_name) < 0 || s == NULL)
155 errx(1, "malloc");
156 if (m->optional)
157 fprintf (codefile, "if(%s)", s);
158 else if(m->defval)
159 gen_compare_defval(s + 1, m->defval);
160 fprintf (codefile, "{\n"
161 "size_t %s_oldret = %s;\n"
162 "%s = 0;\n", tmpstr, variable, variable);
163 length_type (s, m->type, "ret", m->gen_name);
164 fprintf (codefile, "ret += %s_oldret;\n", tmpstr);
165 fprintf (codefile, "}\n");
166 free (s);
167 if(t->type == TChoice)
168 fprintf(codefile, "break;\n");
169 }
170 if(t->type == TChoice) {
171 if (have_ellipsis)
172 fprintf(codefile,
173 "case %s:\n"
174 "ret += (%s)->u.%s.length;\n"
175 "break;\n",
176 have_ellipsis->label,
177 name,
178 have_ellipsis->gen_name);
179 fprintf (codefile, "}\n"); /* switch */
180 }
181 break;
182 }
183 case TSetOf:
184 case TSequenceOf: {
185 char *n = NULL;
186 char *sname = NULL;
187
188 fprintf (codefile,
189 "{\n"
190 "size_t %s_oldret = %s;\n"
191 "unsigned int n_%s;\n"
192 "%s = 0;\n",
193 tmpstr, variable, tmpstr, variable);
194
195 fprintf (codefile, "for(n_%s = (%s)->len; n_%s > 0; --n_%s){\n",
196 tmpstr, name, tmpstr, tmpstr);
197 fprintf (codefile, "size_t %s_for_oldret = %s;\n"
198 "%s = 0;\n", tmpstr, variable, variable);
199 if (asprintf (&n, "&(%s)->val[n_%s - 1]", name, tmpstr) < 0 || n == NULL)
200 errx(1, "malloc");
201 if (asprintf (&sname, "%s_S_Of", tmpstr) < 0 || sname == NULL)
202 errx(1, "malloc");
203 length_type(n, t->subtype, variable, sname);
204 fprintf (codefile, "%s += %s_for_oldret;\n",
205 variable, tmpstr);
206 fprintf (codefile, "}\n");
207
208 fprintf (codefile,
209 "%s += %s_oldret;\n"
210 "}\n", variable, tmpstr);
211 free(n);
212 free(sname);
213 break;
214 }
215 case TGeneralizedTime:
216 length_primitive ("generalized_time", name, variable);
217 break;
218 case TGeneralString:
219 length_primitive ("general_string", name, variable);
220 break;
221 case TTeletexString:
222 length_primitive ("general_string", name, variable);
223 break;
224 case TUTCTime:
225 length_primitive ("utctime", name, variable);
226 break;
227 case TUTF8String:
228 length_primitive ("utf8string", name, variable);
229 break;
230 case TPrintableString:
231 length_primitive ("printable_string", name, variable);
232 break;
233 case TIA5String:
234 length_primitive ("ia5_string", name, variable);
235 break;
236 case TBMPString:
237 length_primitive ("bmp_string", name, variable);
238 break;
239 case TUniversalString:
240 length_primitive ("universal_string", name, variable);
241 break;
242 case TVisibleString:
243 length_primitive ("visible_string", name, variable);
244 break;
245 case TNull:
246 fprintf (codefile, "/* NULL */\n");
247 break;
248 case TTag:{
249 char *tname = NULL;
250 int replace_tag = 0;
251 int prim = !(t->tag.tagclass != ASN1_C_UNIV &&
252 t->tag.tagenv == TE_EXPLICIT) &&
253 is_primitive_type(t->subtype);
254
255 if (asprintf(&tname, "%s_tag", tmpstr) < 0 || tname == NULL)
256 errx(1, "malloc");
257 length_type (name, t->subtype, variable, tname);
258 /* See the comments in encode_type() about IMPLICIT tags */
259 if (t->tag.tagenv == TE_IMPLICIT && !prim &&
260 t->subtype->type != TSequenceOf && t->subtype->type != TSetOf &&
261 t->subtype->type != TChoice) {
262 if (t->subtype->symbol &&
263 (t->subtype->type == TSequence ||
264 t->subtype->type == TSet))
265 replace_tag = 1;
266 else if (t->subtype->symbol && strcmp(t->subtype->symbol->name, "heim_any"))
267 replace_tag = 1;
268 } else if (t->tag.tagenv == TE_IMPLICIT && prim && t->subtype->symbol)
269 replace_tag = is_tagged_type(t->subtype->symbol->type);
270 if (replace_tag)
271 /*
272 * We're replacing the tag of the underlying type. If that type is
273 * imported, then we don't know its tag, so we rely on the
274 * asn1_tag_tag_<TypeName> enum value we generated for it, and we
275 * use the asn1_tag_length_<TypeName> enum value to avoid having to
276 * call der_length_tag() at run-time.
277 */
278 fprintf(codefile, "ret += %lu - asn1_tag_length_%s;\n",
279 (unsigned long)length_tag(t->tag.tagvalue),
280 t->subtype->symbol->gen_name);
281 else
282 fprintf(codefile, "ret += %lu + der_length_len (ret);\n",
283 (unsigned long)length_tag(t->tag.tagvalue));
284 free(tname);
285 break;
286 }
287 case TOID:
288 length_primitive ("oid", name, variable);
289 break;
290 default :
291 abort ();
292 }
293 return 0;
294 }
295
296 void
297 generate_type_length (const Symbol *s)
298 {
299 fprintf (codefile,
300 "size_t ASN1CALL\n"
301 "length_%s(const %s *data)\n"
302 "{\n"
303 "size_t ret = 0;\n",
304 s->gen_name, s->gen_name);
305
306 length_type ("data", s->type, "ret", "Top");
307 fprintf (codefile, "return ret;\n}\n\n");
308 }
309
Heimdal