diff options
| author | Andrew Scull <ascull@google.com> | 2021-04-01 18:31:35 +0000 |
|---|---|---|
| committer | Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com> | 2021-04-01 18:31:35 +0000 |
| commit | c553ce5ef89d0608176667ffb9ff24991ab23835 (patch) | |
| tree | 18ff671c96f5878fc77ac63d4c15a53909e41071 | |
| parent | 09ba61cedc0fadf59832e4d2be7858d4b4466aab (diff) | |
| parent | 57bba0cf1892578e5eb82f3644ae0a3481156064 (diff) | |
| download | libcppbor-c553ce5ef89d0608176667ffb9ff24991ab23835.tar.gz | |
Reject reserved values and indefinite lengths am: 42a7aa8fbf am: f816fae5dd am: 57bba0cf18
Original change: https://android-review.googlesource.com/c/platform/external/libcppbor/+/1658064
Change-Id: I5433de3cbb5e69797f3f768c0a7436dbb66c0c79
| -rw-r--r-- | src/cppbor_parse.cpp | 7 | ||||
| -rw-r--r-- | tests/cppbor_test.cpp | 20 |
2 files changed, 26 insertions, 1 deletions
diff --git a/src/cppbor_parse.cpp b/src/cppbor_parse.cpp index 5cf76b2..fcf0dac 100644 --- a/src/cppbor_parse.cpp +++ b/src/cppbor_parse.cpp @@ -202,8 +202,13 @@ std::tuple<const uint8_t*, ParseClient*> parseRecursively(const uint8_t* begin, bool success = true; uint64_t addlData; - if (tagInt < ONE_BYTE_LENGTH || tagInt > EIGHT_BYTE_LENGTH) { + if (tagInt < ONE_BYTE_LENGTH) { addlData = tagInt; + } else if (tagInt > EIGHT_BYTE_LENGTH) { + parseClient->error( + begin, + "Reserved additional information value or unsupported indefinite length item."); + return {begin, nullptr}; } else { switch (tagInt) { case ONE_BYTE_LENGTH: diff --git a/tests/cppbor_test.cpp b/tests/cppbor_test.cpp index 8a81e4e..ef98519 100644 --- a/tests/cppbor_test.cpp +++ b/tests/cppbor_test.cpp @@ -1714,6 +1714,26 @@ TEST(FullParserTest, ViewBstr) { EXPECT_THAT(item, MatchesItem(val)); } +TEST(FullParserTest, ReservedAdditionalInformation) { + vector<uint8_t> reservedVal = {0x1D}; + + auto [item, pos, message] = parse(reservedVal); + EXPECT_THAT(item, IsNull()); + EXPECT_EQ(pos, reservedVal.data()); + EXPECT_EQ("Reserved additional information value or unsupported indefinite length item.", + message); +} + +TEST(FullParserTest, IndefiniteArray) { + vector<uint8_t> indefiniteArray = {0x7F}; + + auto [item, pos, message] = parse(indefiniteArray); + EXPECT_THAT(item, IsNull()); + EXPECT_EQ(pos, indefiniteArray.data()); + EXPECT_EQ("Reserved additional information value or unsupported indefinite length item.", + message); +} + TEST(MapGetValueByKeyTest, Map) { Array compoundItem(1, 2, 3, 4, 5, Map(4, 5, "a", "b")); auto clone = compoundItem.clone(); |