The following post is for the https://lionet.info/asn1c/ (repository: https://github.com/vlm/asn1c/)
Hello guys,
I’ve noticed that when I set a lower bound limit on the size of an octet string, it fails to decode it.
To reproduce this scenario I created a small but full example that is located here([download id=”2539″]).
The example([download id=”2539″]) is an application that uses the code generated by asn1c and has the following behavior:
- It will read a name of a file from the command line
- read the file to memory
- convert it to an
octet stringusingOCTET_STRING_fromBuf() - encode it to an
ASN.1structure usinguper_encode_to_new_buffer(), afterasn_check_constraints()succeeds - save the encoded data to a file for debugging (same folder as the original file)
- decode the buffer from memory using
uper_decode() - save the decoded data to a file (same folder as the original file)
Methodology
To create/view the bug use this ASN1 data structure as input to the asn1c compiler:
ImagesModule DEFINITIONS ::= BEGIN
Image ::= SEQUENCE
{
data OCTET STRING SIZE (40..81920)
}
END
To hide the bug, use:
ImagesModule DEFINITIONS ::= BEGIN
Image ::= SEQUENCE
{
data OCTET STRING SIZE (0..81920)
}
END
The only difference between the two versions is the use of a lower limit constraint on the size of the OCTET string.
Compilation command for asn1c
From folder asn1c_image/asn1 we used the following command:
/home/developer/asn1c/asn1c/asn1c -pdu=auto -S /home/developer/asn1c/skeletons/ -fcompound-names -gen-PER ../images.asn1
Version of asn1c
'ASN.1 Compiler, v0.9.28'
Samples
Inside the archive, there are two files [test_01.png, bad_data.bin].
test_01.pngis larger than 80K so it should always fail.bad_data.binfails only when there is a lower bound limit on the size
[download id=”2539″]
This post is also available in: Greek
