diff options
| author | Werner Koch <[email protected]> | 2023-10-10 09:36:26 +0000 |
|---|---|---|
| committer | Werner Koch <[email protected]> | 2023-10-10 09:37:00 +0000 |
| commit | 5601f5db9862e23140bccc0e603e42164fe02296 (patch) | |
| tree | 795d4ab6a6334f03b7e6c52bd416c230edd98842 /sm/minip12.c | |
| parent | scd:openpgp: Return better error codes for the Reset Code. (diff) | |
| download | gnupg-5601f5db9862e23140bccc0e603e42164fe02296.tar.gz gnupg-5601f5db9862e23140bccc0e603e42164fe02296.zip | |
gpgsm: Improvements for NDEF in the pkcs#12 parser
* sm/minip12.c (_tlv_push): Handle NDEF more correctly.
(tlv_expect_octet_string): Do not bail out on NDEF.
(dump_tag_info): Print some more infos.
--
We do not have a complete test case for this. We need to further
analyze T6752 to see what Mozilla is doing here. In any case with
this patch we get a bit further and don't bail out at the ndef.
GnuPG-bug-id: 6536, 6752
Diffstat (limited to 'sm/minip12.c')
| -rw-r--r-- | sm/minip12.c | 33 |
1 files changed, 23 insertions, 10 deletions
diff --git a/sm/minip12.c b/sm/minip12.c index e63d9a95d..3705f3770 100644 --- a/sm/minip12.c +++ b/sm/minip12.c @@ -241,14 +241,21 @@ p12_set_verbosity (int verbose, int debug) static void -dump_tag_info (const char *text, struct tag_info *ti) +dump_tag_info (const char *text, struct tlv_ctx_s *tlv) { - if (opt_verbose > 1) - log_debug ("p12_parse(%s): ti.class=%d tag=%lu len=%zu nhdr=%zu %s%s\n", - text, - ti->class, ti->tag, ti->length, ti->nhdr, - ti->is_constructed?" cons":"", - ti->ndef?" ndef":""); + struct tag_info *ti; + + if (opt_verbose < 2) + return; + + ti = &tlv->ti; + log_debug ("p12_parse(%s): ti.class=%-2d tag=%-2lu len=%-4zu nhdr=%zu %s %s" + " (%u:%zu.%zu)\n", + text, + ti->class, ti->tag, ti->length, ti->nhdr, + ti->is_constructed?"cons":" ", + ti->ndef?"ndef":" ", + tlv->stacklen, tlv->bufsize, tlv->offset); } @@ -473,7 +480,13 @@ _tlv_push (struct tlv_ctx_s *tlv) tlv->stack[tlv->stacklen].in_ndef = tlv->in_ndef; tlv->stacklen++; tlv->buffer += tlv->offset; - tlv->bufsize = tlv->ti.length; + if (tlv->ti.ndef) + { + log_assert (tlv->bufsize >= tlv->offset); + tlv->bufsize -= tlv->offset; + } + else + tlv->bufsize = tlv->ti.length; tlv->offset = 0; tlv->in_ndef = tlv->ti.ndef; return 0; @@ -551,7 +564,7 @@ tlv_next (struct tlv_ctx_s *tlv) /* Set offset to the value of the TLV. */ tlv->offset += tlv->bufsize - tlv->offset - n; - dump_tag_info ("tlv_next", &tlv->ti); + dump_tag_info ("tlv_next", tlv); return 0; } @@ -706,7 +719,7 @@ tlv_expect_octet_string (struct tlv_ctx_s *tlv, int encapsulates, && (!tlv->ti.is_constructed || encapsulates))) return (tlv->lasterr = gpg_error (GPG_ERR_INV_OBJ)); p = tlv->buffer + tlv->offset; - if (!(n=tlv->ti.length)) + if (!(n=tlv->ti.length) && !tlv->ti.ndef) return (tlv->lasterr = gpg_error (GPG_ERR_TOO_SHORT)); if (encapsulates && tlv->ti.is_constructed |