asn1c: Decoding an OCTET STRING with lower bound limit on its size fails for uper_decode()


The following post is for the https://lionet.info/asn1c/ (repository: https://github.com/vlm/asn1c/)

Hello guys,

I’ve noticed that when I set a lower bound limit on the size of an octet string, it fails to decode it.
To reproduce this scenario I created a small but full example that is located here([download id=”2539″]).

The example([download id=”2539″]) is an application that uses the code generated by asn1c and has the following behavior:

  1. It will read a name of a file from the command line
  2. read the file to memory
  3. convert it to an octet string using OCTET_STRING_fromBuf()
  4. encode it to an ASN.1 structure using uper_encode_to_new_buffer(), after asn_check_constraints() succeeds
  5. save the encoded data to a file for debugging (same folder as the original file)
  6. decode the buffer from memory using uper_decode()
  7. save the decoded data to a file (same folder as the original file)

Methodology

To create/view the bug use this ASN1 data structure as input to the asn1c compiler:

ImagesModule DEFINITIONS ::= BEGIN

 Image ::= SEQUENCE
 {
  data OCTET STRING SIZE (40..81920)
 }

END

To hide the bug, use:

ImagesModule DEFINITIONS ::= BEGIN

 Image ::= SEQUENCE
 {
  data OCTET STRING SIZE (0..81920)
 }

END

The only difference between the two versions is the use of a lower limit constraint on the size of the OCTET string.

Compilation command for asn1c

From folder asn1c_image/asn1 we used the following command:

/home/developer/asn1c/asn1c/asn1c -pdu=auto -S /home/developer/asn1c/skeletons/ -fcompound-names -gen-PER ../images.asn1

Version of asn1c

'ASN.1 Compiler, v0.9.28'

Samples

Inside the archive, there are two files [test_01.png, bad_data.bin].

  • test_01.png is larger than 80K so it should always fail.
  • bad_data.bin fails only when there is a lower bound limit on the size

[download id=”2539″]

This post is also available in: Greek

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.