github-mirrors/OpenV2G
1
0
Fork 0
mirror of https://github.com/Martin-P/OpenV2G.git synced 2024-11-18 12:53:58 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

fix: possible memory corruption bug when parsing X509 serial numbers

Browse source 
git-svn-id: https://svn.code.sf.net/p/openv2g/code/trunk@118 d9f2db14-54d0-4bde-b00c-16405c910529
This commit is contained in:
daniel_peintner 2022-03-11 06:49:25 +00:00
parent 6a5f291f88
commit 9bb3ff36d1
1 changed files with 384 additions and 246 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

248
src/codec/DecoderChannel.c
View file

@ -1,5 +1,5 @@
/* /*
* Copyright (C) 2007-2018 Siemens AG * Copyright (C) 2007-2022 Siemens AG
* *
* This program is free software: you can redistribute it and/or modify * This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published * it under the terms of the GNU Lesser General Public License as published
@ -18,7 +18,7 @@
/******************************************************************* /*******************************************************************
* *
* @author Daniel.Peintner.EXT@siemens.com * @author Daniel.Peintner.EXT@siemens.com
* @version 2017-03-02 * @version 2022-03-08
* @contact Richard.Kuntschke@siemens.com * @contact Richard.Kuntschke@siemens.com
* *
* <p>Code generated by EXIdizer</p> * <p>Code generated by EXIdizer</p>
@ -314,121 +314,259 @@ int decodeUnsignedIntegerBig(bitstream_t* stream, size_t size, uint8_t* data, si
uint64_4 += ((uint64_t) (b & 127)) << mShift4; uint64_4 += ((uint64_t) (b & 127)) << mShift4;
mShift4 += 7; mShift4 += 7;
} else { } else {
return -1; // too large return -1; /* too large */
} }
} while (errn == 0 && (b >> 7) == 1); } while (errn == 0 && (b >> 7) == 1);
// shift actual data into array /* shift actual data into array */
if(uint64_4 != 0) { if(uint64_4 != 0) {
// 7 octets for uint64_1 /* 7 octets for uint64_1 */
data[(*len)++] = (uint8_t)(uint64_1 & 0xFF); // 1 if(*len >= size) {
return EXI_ERROR_OUT_OF_BOUNDS;
}
data[(*len)++] = (uint8_t)(uint64_1 & 0xFF); /* 1 */
uint64_1 >>= 8; uint64_1 >>= 8;
data[(*len)++] = (uint8_t)(uint64_1 & 0xFF); // 2 if(*len >= size) {
return EXI_ERROR_OUT_OF_BOUNDS;
}
data[(*len)++] = (uint8_t)(uint64_1 & 0xFF); /* 2 */
uint64_1 >>= 8; uint64_1 >>= 8;
data[(*len)++] = (uint8_t)(uint64_1 & 0xFF); // 3 if(*len >= size) {
return EXI_ERROR_OUT_OF_BOUNDS;
}
data[(*len)++] = (uint8_t)(uint64_1 & 0xFF); /* 3 */
uint64_1 >>= 8; uint64_1 >>= 8;
data[(*len)++] = (uint8_t)(uint64_1 & 0xFF); // 4 if(*len >= size) {
return EXI_ERROR_OUT_OF_BOUNDS;
}
data[(*len)++] = (uint8_t)(uint64_1 & 0xFF); /* 4 */
uint64_1 >>= 8; uint64_1 >>= 8;
data[(*len)++] = (uint8_t)(uint64_1 & 0xFF); // 5 if(*len >= size) {
return EXI_ERROR_OUT_OF_BOUNDS;
}
data[(*len)++] = (uint8_t)(uint64_1 & 0xFF); /* 5 */
uint64_1 >>= 8; uint64_1 >>= 8;
data[(*len)++] = (uint8_t)(uint64_1 & 0xFF); // 6 if(*len >= size) {
return EXI_ERROR_OUT_OF_BOUNDS;
}
data[(*len)++] = (uint8_t)(uint64_1 & 0xFF); /* 6 */
uint64_1 >>= 8; uint64_1 >>= 8;
data[(*len)++] = (uint8_t)(uint64_1 & 0xFF); // 7 if(*len >= size) {
return EXI_ERROR_OUT_OF_BOUNDS;
}
data[(*len)++] = (uint8_t)(uint64_1 & 0xFF); /* 7 */
// 7 octets for uint64_2 /* 7 octets for uint64_2 */
data[(*len)++] = (uint8_t)(uint64_2 & 0xFF); // 1 if(*len >= size) {
return EXI_ERROR_OUT_OF_BOUNDS;
}
data[(*len)++] = (uint8_t)(uint64_2 & 0xFF); /* 1 */
uint64_2 >>= 8; uint64_2 >>= 8;
data[(*len)++] = (uint8_t)(uint64_2 & 0xFF); // 2 if(*len >= size) {
return EXI_ERROR_OUT_OF_BOUNDS;
}
data[(*len)++] = (uint8_t)(uint64_2 & 0xFF); /* 2 */
uint64_2 >>= 8; uint64_2 >>= 8;
data[(*len)++] = (uint8_t)(uint64_2 & 0xFF); // 3 if(*len >= size) {
return EXI_ERROR_OUT_OF_BOUNDS;
}
data[(*len)++] = (uint8_t)(uint64_2 & 0xFF); /* 3 */
uint64_2 >>= 8; uint64_2 >>= 8;
data[(*len)++] = (uint8_t)(uint64_2 & 0xFF); // 4 if(*len >= size) {
return EXI_ERROR_OUT_OF_BOUNDS;
}
data[(*len)++] = (uint8_t)(uint64_2 & 0xFF); /* 4 */
uint64_2 >>= 8; uint64_2 >>= 8;
data[(*len)++] = (uint8_t)(uint64_2 & 0xFF); // 5 if(*len >= size) {
return EXI_ERROR_OUT_OF_BOUNDS;
}
data[(*len)++] = (uint8_t)(uint64_2 & 0xFF); /* 5 */
uint64_2 >>= 8; uint64_2 >>= 8;
data[(*len)++] = (uint8_t)(uint64_2 & 0xFF); // 6 if(*len >= size) {
return EXI_ERROR_OUT_OF_BOUNDS;
}
data[(*len)++] = (uint8_t)(uint64_2 & 0xFF); /* 6 */
uint64_2 >>= 8; uint64_2 >>= 8;
data[(*len)++] = (uint8_t)(uint64_2 & 0xFF); // 7 if(*len >= size) {
return EXI_ERROR_OUT_OF_BOUNDS;
}
data[(*len)++] = (uint8_t)(uint64_2 & 0xFF); /* 7 */
// 7 octets for uint64_3 /* 7 octets for uint64_3 */
data[(*len)++] = (uint8_t)(uint64_3 & 0xFF); // 1 if(*len >= size) {
return EXI_ERROR_OUT_OF_BOUNDS;
}
data[(*len)++] = (uint8_t)(uint64_3 & 0xFF); /* 1 */
uint64_3 >>= 8; uint64_3 >>= 8;
data[(*len)++] = (uint8_t)(uint64_3 & 0xFF); // 2 if(*len >= size) {
return EXI_ERROR_OUT_OF_BOUNDS;
}
data[(*len)++] = (uint8_t)(uint64_3 & 0xFF); /* 2 */
uint64_3 >>= 8; uint64_3 >>= 8;
data[(*len)++] = (uint8_t)(uint64_3 & 0xFF); // 3 if(*len >= size) {
return EXI_ERROR_OUT_OF_BOUNDS;
}
data[(*len)++] = (uint8_t)(uint64_3 & 0xFF); /* 3 */
uint64_3 >>= 8; uint64_3 >>= 8;
data[(*len)++] = (uint8_t)(uint64_3 & 0xFF); // 4 if(*len >= size) {
return EXI_ERROR_OUT_OF_BOUNDS;
}
data[(*len)++] = (uint8_t)(uint64_3 & 0xFF); /* 4 */
uint64_3 >>= 8; uint64_3 >>= 8;
data[(*len)++] = (uint8_t)(uint64_3 & 0xFF); // 5 if(*len >= size) {
return EXI_ERROR_OUT_OF_BOUNDS;
}
data[(*len)++] = (uint8_t)(uint64_3 & 0xFF); /* 5 */
uint64_3 >>= 8; uint64_3 >>= 8;
data[(*len)++] = (uint8_t)(uint64_3 & 0xFF); // 6 if(*len >= size) {
return EXI_ERROR_OUT_OF_BOUNDS;
}
data[(*len)++] = (uint8_t)(uint64_3 & 0xFF); /* 6 */
uint64_3 >>= 8; uint64_3 >>= 8;
data[(*len)++] = (uint8_t)(uint64_3 & 0xFF); // 7 if(*len >= size) {
return EXI_ERROR_OUT_OF_BOUNDS;
}
data[(*len)++] = (uint8_t)(uint64_3 & 0xFF); /* 7 */
// remaining octets of uint64_4 /* remaining octets of uint64_4 */
while (uint64_4 != 0 && errn == 0) { while (uint64_4 != 0 && errn == 0) {
if(*len >= size) {
return EXI_ERROR_OUT_OF_BOUNDS;
}
data[(*len)++] = uint64_4 & 0xFF; data[(*len)++] = uint64_4 & 0xFF;
uint64_4 >>= 8; uint64_4 >>= 8;
} }
} else if(uint64_3 != 0) { } else if(uint64_3 != 0) {
// 7 octets for uint64_1 /* 7 octets for uint64_1 */
data[(*len)++] = (uint8_t)(uint64_1 & 0xFF); // 1 if(*len >= size) {
return EXI_ERROR_OUT_OF_BOUNDS;
}
data[(*len)++] = (uint8_t)(uint64_1 & 0xFF); /* 1 */
uint64_1 >>= 8; uint64_1 >>= 8;
data[(*len)++] = (uint8_t)(uint64_1 & 0xFF); // 2 if(*len >= size) {
return EXI_ERROR_OUT_OF_BOUNDS;
}
data[(*len)++] = (uint8_t)(uint64_1 & 0xFF); /* 2 */
uint64_1 >>= 8; uint64_1 >>= 8;
data[(*len)++] = (uint8_t)(uint64_1 & 0xFF); // 3 if(*len >= size) {
return EXI_ERROR_OUT_OF_BOUNDS;
}
data[(*len)++] = (uint8_t)(uint64_1 & 0xFF); /* 3 */
uint64_1 >>= 8; uint64_1 >>= 8;
data[(*len)++] = (uint8_t)(uint64_1 & 0xFF); // 4 if(*len >= size) {
return EXI_ERROR_OUT_OF_BOUNDS;
}
data[(*len)++] = (uint8_t)(uint64_1 & 0xFF); /* 4 */
uint64_1 >>= 8; uint64_1 >>= 8;
data[(*len)++] = (uint8_t)(uint64_1 & 0xFF); // 5 if(*len >= size) {
return EXI_ERROR_OUT_OF_BOUNDS;
}
data[(*len)++] = (uint8_t)(uint64_1 & 0xFF); /* 5 */
uint64_1 >>= 8; uint64_1 >>= 8;
data[(*len)++] = (uint8_t)(uint64_1 & 0xFF); // 6 if(*len >= size) {
return EXI_ERROR_OUT_OF_BOUNDS;
}
data[(*len)++] = (uint8_t)(uint64_1 & 0xFF); /* 6 */
uint64_1 >>= 8; uint64_1 >>= 8;
data[(*len)++] = (uint8_t)(uint64_1 & 0xFF); // 7 if(*len >= size) {
return EXI_ERROR_OUT_OF_BOUNDS;
}
data[(*len)++] = (uint8_t)(uint64_1 & 0xFF); /* 7 */
// 7 octets for uint64_2 /* 7 octets for uint64_2 */
data[(*len)++] = (uint8_t)(uint64_2 & 0xFF); // 1 if(*len >= size) {
return EXI_ERROR_OUT_OF_BOUNDS;
}
data[(*len)++] = (uint8_t)(uint64_2 & 0xFF); /* 1 */
uint64_2 >>= 8; uint64_2 >>= 8;
data[(*len)++] = (uint8_t)(uint64_2 & 0xFF); // 2 if(*len >= size) {
return EXI_ERROR_OUT_OF_BOUNDS;
}
data[(*len)++] = (uint8_t)(uint64_2 & 0xFF); /* 2 */
uint64_2 >>= 8; uint64_2 >>= 8;
data[(*len)++] = (uint8_t)(uint64_2 & 0xFF); // 3 if(*len >= size) {
return EXI_ERROR_OUT_OF_BOUNDS;
}
data[(*len)++] = (uint8_t)(uint64_2 & 0xFF); /* 3 */
uint64_2 >>= 8; uint64_2 >>= 8;
data[(*len)++] = (uint8_t)(uint64_2 & 0xFF); // 4 if(*len >= size) {
return EXI_ERROR_OUT_OF_BOUNDS;
}
data[(*len)++] = (uint8_t)(uint64_2 & 0xFF); /* 4 */
uint64_2 >>= 8; uint64_2 >>= 8;
data[(*len)++] = (uint8_t)(uint64_2 & 0xFF); // 5 if(*len >= size) {
return EXI_ERROR_OUT_OF_BOUNDS;
}
data[(*len)++] = (uint8_t)(uint64_2 & 0xFF); /* 5 */
uint64_2 >>= 8; uint64_2 >>= 8;
data[(*len)++] = (uint8_t)(uint64_2 & 0xFF); // 6 if(*len >= size) {
return EXI_ERROR_OUT_OF_BOUNDS;
}
data[(*len)++] = (uint8_t)(uint64_2 & 0xFF); /* 6 */
uint64_2 >>= 8; uint64_2 >>= 8;
data[(*len)++] = (uint8_t)(uint64_2 & 0xFF); // 7 if(*len >= size) {
return EXI_ERROR_OUT_OF_BOUNDS;
}
data[(*len)++] = (uint8_t)(uint64_2 & 0xFF); /* 7 */
// remaining octets of uint64_3 /* remaining octets of uint64_3 */
while (uint64_3 != 0 && errn == 0) { while (uint64_3 != 0 && errn == 0) {
if(*len >= size) {
return EXI_ERROR_OUT_OF_BOUNDS;
}
data[(*len)++] = uint64_3 & 0xFF; data[(*len)++] = uint64_3 & 0xFF;
uint64_3 >>= 8; uint64_3 >>= 8;
} }
} else if(uint64_2 != 0) { } else if(uint64_2 != 0) {
// 7 octets for uint64_1 /* 7 octets for uint64_1 */
data[(*len)++] = (uint8_t)(uint64_1 & 0xFF); // 1 if(*len >= size) {
return EXI_ERROR_OUT_OF_BOUNDS;
}
data[(*len)++] = (uint8_t)(uint64_1 & 0xFF); /* 1 */
uint64_1 >>= 8; uint64_1 >>= 8;
data[(*len)++] = (uint8_t)(uint64_1 & 0xFF); // 2 if(*len >= size) {
return EXI_ERROR_OUT_OF_BOUNDS;
}
data[(*len)++] = (uint8_t)(uint64_1 & 0xFF); /* 2 */
uint64_1 >>= 8; uint64_1 >>= 8;
data[(*len)++] = (uint8_t)(uint64_1 & 0xFF); // 3 if(*len >= size) {
return EXI_ERROR_OUT_OF_BOUNDS;
}
data[(*len)++] = (uint8_t)(uint64_1 & 0xFF); /* 3 */
uint64_1 >>= 8; uint64_1 >>= 8;
data[(*len)++] = (uint8_t)(uint64_1 & 0xFF); // 4 if(*len >= size) {
return EXI_ERROR_OUT_OF_BOUNDS;
}
data[(*len)++] = (uint8_t)(uint64_1 & 0xFF); /* 4 */
uint64_1 >>= 8; uint64_1 >>= 8;
data[(*len)++] = (uint8_t)(uint64_1 & 0xFF); // 5 if(*len >= size) {
return EXI_ERROR_OUT_OF_BOUNDS;
}
data[(*len)++] = (uint8_t)(uint64_1 & 0xFF); /* 5 */
uint64_1 >>= 8; uint64_1 >>= 8;
data[(*len)++] = (uint8_t)(uint64_1 & 0xFF); // 6 if(*len >= size) {
return EXI_ERROR_OUT_OF_BOUNDS;
}
data[(*len)++] = (uint8_t)(uint64_1 & 0xFF); /* 6 */
uint64_1 >>= 8; uint64_1 >>= 8;
data[(*len)++] = (uint8_t)(uint64_1 & 0xFF); // 7 if(*len >= size) {
// remaining octets of uint64_2 return EXI_ERROR_OUT_OF_BOUNDS;
}
data[(*len)++] = (uint8_t)(uint64_1 & 0xFF); /* 7 */
/* remaining octets of uint64_2 */
while (uint64_2 != 0 && errn == 0) { while (uint64_2 != 0 && errn == 0) {
if(*len >= size) {
return EXI_ERROR_OUT_OF_BOUNDS;
}
data[(*len)++] = uint64_2 & 0xFF; data[(*len)++] = uint64_2 & 0xFF;
uint64_2 >>= 8; uint64_2 >>= 8;
} }
} else if(uint64_1 != 0) { } else if(uint64_1 != 0) {
while (uint64_1 != 0 && errn == 0) { while (uint64_1 != 0 && errn == 0) {
if(*len >= size) {
return EXI_ERROR_OUT_OF_BOUNDS;
}
data[(*len)++] = uint64_1 & 0xFF; data[(*len)++] = uint64_1 & 0xFF;
uint64_1 >>= 8; uint64_1 >>= 8;
} }