The following post is for the https://lionet.info/asn1c/ (repository: https://github.com/vlm/asn1c/)
Hello guys,
I’ve noticed that when I set a lower bound
limit on the size of an octet string
, it fails to decode it.
To reproduce this scenario I created a small but full example that is located here([download id=”2539″]).
The example([download id=”2539″]) is an application that uses the code generated by asn1c
and has the following behavior:
- It will read a name of a file from the command line
- read the file to memory
- convert it to an
octet string
usingOCTET_STRING_fromBuf()
- encode it to an
ASN.1
structure usinguper_encode_to_new_buffer()
, afterasn_check_constraints()
succeeds - save the encoded data to a file for debugging (same folder as the original file)
- decode the buffer from memory using
uper_decode()
- save the decoded data to a file (same folder as the original file)
Methodology
To create/view the bug use this ASN1
data structure as input to the asn1c
compiler:
ImagesModule DEFINITIONS ::= BEGIN Image ::= SEQUENCE { data OCTET STRING SIZE (40..81920) } END
To hide the bug, use:
ImagesModule DEFINITIONS ::= BEGIN Image ::= SEQUENCE { data OCTET STRING SIZE (0..81920) } END
The only difference between the two versions is the use of a lower limit constraint on the size of the OCTET string.
Compilation command for asn1c
From folder asn1c_image/asn1
we used the following command:
/home/developer/asn1c/asn1c/asn1c -pdu=auto -S /home/developer/asn1c/skeletons/ -fcompound-names -gen-PER ../images.asn1
Version of asn1c
'ASN.1 Compiler, v0.9.28'
Samples
Inside the archive, there are two files [test_01.png
, bad_data.bin
].
test_01.png
is larger than 80K so it should always fail.bad_data.bin
fails only when there is a lower bound limit on the size
[download id=”2539″]
This post is also available in: Αγγλικα