fix: possible memory corruption bug when parsing X509 serial numbers

git-svn-id: https://svn.code.sf.net/p/openv2g/code/trunk@118 d9f2db14-54d0-4bde-b00c-16405c910529
This commit is contained in:
daniel_peintner 2022-03-11 06:49:25 +00:00
parent 6a5f291f88
commit 9bb3ff36d1

View file

@ -1,5 +1,5 @@
/*
* Copyright (C) 2007-2018 Siemens AG
* Copyright (C) 2007-2022 Siemens AG
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published
@ -18,7 +18,7 @@
/*******************************************************************
*
* @author Daniel.Peintner.EXT@siemens.com
* @version 2017-03-02
* @version 2022-03-08
* @contact Richard.Kuntschke@siemens.com
*
* <p>Code generated by EXIdizer</p>
@ -314,121 +314,259 @@ int decodeUnsignedIntegerBig(bitstream_t* stream, size_t size, uint8_t* data, si
uint64_4 += ((uint64_t) (b & 127)) << mShift4;
mShift4 += 7;
} else {
return -1; // too large
return -1; /* too large */
}
} while (errn == 0 && (b >> 7) == 1);
// shift actual data into array
/* shift actual data into array */
if(uint64_4 != 0) {
// 7 octets for uint64_1
data[(*len)++] = (uint8_t)(uint64_1 & 0xFF); // 1
/* 7 octets for uint64_1 */
if(*len >= size) {
return EXI_ERROR_OUT_OF_BOUNDS;
}
data[(*len)++] = (uint8_t)(uint64_1 & 0xFF); /* 1 */
uint64_1 >>= 8;
data[(*len)++] = (uint8_t)(uint64_1 & 0xFF); // 2
if(*len >= size) {
return EXI_ERROR_OUT_OF_BOUNDS;
}
data[(*len)++] = (uint8_t)(uint64_1 & 0xFF); /* 2 */
uint64_1 >>= 8;
data[(*len)++] = (uint8_t)(uint64_1 & 0xFF); // 3
if(*len >= size) {
return EXI_ERROR_OUT_OF_BOUNDS;
}
data[(*len)++] = (uint8_t)(uint64_1 & 0xFF); /* 3 */
uint64_1 >>= 8;
data[(*len)++] = (uint8_t)(uint64_1 & 0xFF); // 4
if(*len >= size) {
return EXI_ERROR_OUT_OF_BOUNDS;
}
data[(*len)++] = (uint8_t)(uint64_1 & 0xFF); /* 4 */
uint64_1 >>= 8;
data[(*len)++] = (uint8_t)(uint64_1 & 0xFF); // 5
if(*len >= size) {
return EXI_ERROR_OUT_OF_BOUNDS;
}
data[(*len)++] = (uint8_t)(uint64_1 & 0xFF); /* 5 */
uint64_1 >>= 8;
data[(*len)++] = (uint8_t)(uint64_1 & 0xFF); // 6
if(*len >= size) {
return EXI_ERROR_OUT_OF_BOUNDS;
}
data[(*len)++] = (uint8_t)(uint64_1 & 0xFF); /* 6 */
uint64_1 >>= 8;
data[(*len)++] = (uint8_t)(uint64_1 & 0xFF); // 7
if(*len >= size) {
return EXI_ERROR_OUT_OF_BOUNDS;
}
data[(*len)++] = (uint8_t)(uint64_1 & 0xFF); /* 7 */
// 7 octets for uint64_2
data[(*len)++] = (uint8_t)(uint64_2 & 0xFF); // 1
/* 7 octets for uint64_2 */
if(*len >= size) {
return EXI_ERROR_OUT_OF_BOUNDS;
}
data[(*len)++] = (uint8_t)(uint64_2 & 0xFF); /* 1 */
uint64_2 >>= 8;
data[(*len)++] = (uint8_t)(uint64_2 & 0xFF); // 2
if(*len >= size) {
return EXI_ERROR_OUT_OF_BOUNDS;
}
data[(*len)++] = (uint8_t)(uint64_2 & 0xFF); /* 2 */
uint64_2 >>= 8;
data[(*len)++] = (uint8_t)(uint64_2 & 0xFF); // 3
if(*len >= size) {
return EXI_ERROR_OUT_OF_BOUNDS;
}
data[(*len)++] = (uint8_t)(uint64_2 & 0xFF); /* 3 */
uint64_2 >>= 8;
data[(*len)++] = (uint8_t)(uint64_2 & 0xFF); // 4
if(*len >= size) {
return EXI_ERROR_OUT_OF_BOUNDS;
}
data[(*len)++] = (uint8_t)(uint64_2 & 0xFF); /* 4 */
uint64_2 >>= 8;
data[(*len)++] = (uint8_t)(uint64_2 & 0xFF); // 5
if(*len >= size) {
return EXI_ERROR_OUT_OF_BOUNDS;
}
data[(*len)++] = (uint8_t)(uint64_2 & 0xFF); /* 5 */
uint64_2 >>= 8;
data[(*len)++] = (uint8_t)(uint64_2 & 0xFF); // 6
if(*len >= size) {
return EXI_ERROR_OUT_OF_BOUNDS;
}
data[(*len)++] = (uint8_t)(uint64_2 & 0xFF); /* 6 */
uint64_2 >>= 8;
data[(*len)++] = (uint8_t)(uint64_2 & 0xFF); // 7
if(*len >= size) {
return EXI_ERROR_OUT_OF_BOUNDS;
}
data[(*len)++] = (uint8_t)(uint64_2 & 0xFF); /* 7 */
// 7 octets for uint64_3
data[(*len)++] = (uint8_t)(uint64_3 & 0xFF); // 1
/* 7 octets for uint64_3 */
if(*len >= size) {
return EXI_ERROR_OUT_OF_BOUNDS;
}
data[(*len)++] = (uint8_t)(uint64_3 & 0xFF); /* 1 */
uint64_3 >>= 8;
data[(*len)++] = (uint8_t)(uint64_3 & 0xFF); // 2
if(*len >= size) {
return EXI_ERROR_OUT_OF_BOUNDS;
}
data[(*len)++] = (uint8_t)(uint64_3 & 0xFF); /* 2 */
uint64_3 >>= 8;
data[(*len)++] = (uint8_t)(uint64_3 & 0xFF); // 3
if(*len >= size) {
return EXI_ERROR_OUT_OF_BOUNDS;
}
data[(*len)++] = (uint8_t)(uint64_3 & 0xFF); /* 3 */
uint64_3 >>= 8;
data[(*len)++] = (uint8_t)(uint64_3 & 0xFF); // 4
if(*len >= size) {
return EXI_ERROR_OUT_OF_BOUNDS;
}
data[(*len)++] = (uint8_t)(uint64_3 & 0xFF); /* 4 */
uint64_3 >>= 8;
data[(*len)++] = (uint8_t)(uint64_3 & 0xFF); // 5
if(*len >= size) {
return EXI_ERROR_OUT_OF_BOUNDS;
}
data[(*len)++] = (uint8_t)(uint64_3 & 0xFF); /* 5 */
uint64_3 >>= 8;
data[(*len)++] = (uint8_t)(uint64_3 & 0xFF); // 6
if(*len >= size) {
return EXI_ERROR_OUT_OF_BOUNDS;
}
data[(*len)++] = (uint8_t)(uint64_3 & 0xFF); /* 6 */
uint64_3 >>= 8;
data[(*len)++] = (uint8_t)(uint64_3 & 0xFF); // 7
if(*len >= size) {
return EXI_ERROR_OUT_OF_BOUNDS;
}
data[(*len)++] = (uint8_t)(uint64_3 & 0xFF); /* 7 */
// remaining octets of uint64_4
/* remaining octets of uint64_4 */
while (uint64_4 != 0 && errn == 0) {
if(*len >= size) {
return EXI_ERROR_OUT_OF_BOUNDS;
}
data[(*len)++] = uint64_4 & 0xFF;
uint64_4 >>= 8;
}
} else if(uint64_3 != 0) {
// 7 octets for uint64_1
data[(*len)++] = (uint8_t)(uint64_1 & 0xFF); // 1
/* 7 octets for uint64_1 */
if(*len >= size) {
return EXI_ERROR_OUT_OF_BOUNDS;
}
data[(*len)++] = (uint8_t)(uint64_1 & 0xFF); /* 1 */
uint64_1 >>= 8;
data[(*len)++] = (uint8_t)(uint64_1 & 0xFF); // 2
if(*len >= size) {
return EXI_ERROR_OUT_OF_BOUNDS;
}
data[(*len)++] = (uint8_t)(uint64_1 & 0xFF); /* 2 */
uint64_1 >>= 8;
data[(*len)++] = (uint8_t)(uint64_1 & 0xFF); // 3
if(*len >= size) {
return EXI_ERROR_OUT_OF_BOUNDS;
}
data[(*len)++] = (uint8_t)(uint64_1 & 0xFF); /* 3 */
uint64_1 >>= 8;
data[(*len)++] = (uint8_t)(uint64_1 & 0xFF); // 4
if(*len >= size) {
return EXI_ERROR_OUT_OF_BOUNDS;
}
data[(*len)++] = (uint8_t)(uint64_1 & 0xFF); /* 4 */
uint64_1 >>= 8;
data[(*len)++] = (uint8_t)(uint64_1 & 0xFF); // 5
if(*len >= size) {
return EXI_ERROR_OUT_OF_BOUNDS;
}
data[(*len)++] = (uint8_t)(uint64_1 & 0xFF); /* 5 */
uint64_1 >>= 8;
data[(*len)++] = (uint8_t)(uint64_1 & 0xFF); // 6
if(*len >= size) {
return EXI_ERROR_OUT_OF_BOUNDS;
}
data[(*len)++] = (uint8_t)(uint64_1 & 0xFF); /* 6 */
uint64_1 >>= 8;
data[(*len)++] = (uint8_t)(uint64_1 & 0xFF); // 7
if(*len >= size) {
return EXI_ERROR_OUT_OF_BOUNDS;
}
data[(*len)++] = (uint8_t)(uint64_1 & 0xFF); /* 7 */
// 7 octets for uint64_2
data[(*len)++] = (uint8_t)(uint64_2 & 0xFF); // 1
/* 7 octets for uint64_2 */
if(*len >= size) {
return EXI_ERROR_OUT_OF_BOUNDS;
}
data[(*len)++] = (uint8_t)(uint64_2 & 0xFF); /* 1 */
uint64_2 >>= 8;
data[(*len)++] = (uint8_t)(uint64_2 & 0xFF); // 2
if(*len >= size) {
return EXI_ERROR_OUT_OF_BOUNDS;
}
data[(*len)++] = (uint8_t)(uint64_2 & 0xFF); /* 2 */
uint64_2 >>= 8;
data[(*len)++] = (uint8_t)(uint64_2 & 0xFF); // 3
if(*len >= size) {
return EXI_ERROR_OUT_OF_BOUNDS;
}
data[(*len)++] = (uint8_t)(uint64_2 & 0xFF); /* 3 */
uint64_2 >>= 8;
data[(*len)++] = (uint8_t)(uint64_2 & 0xFF); // 4
if(*len >= size) {
return EXI_ERROR_OUT_OF_BOUNDS;
}
data[(*len)++] = (uint8_t)(uint64_2 & 0xFF); /* 4 */
uint64_2 >>= 8;
data[(*len)++] = (uint8_t)(uint64_2 & 0xFF); // 5
if(*len >= size) {
return EXI_ERROR_OUT_OF_BOUNDS;
}
data[(*len)++] = (uint8_t)(uint64_2 & 0xFF); /* 5 */
uint64_2 >>= 8;
data[(*len)++] = (uint8_t)(uint64_2 & 0xFF); // 6
if(*len >= size) {
return EXI_ERROR_OUT_OF_BOUNDS;
}
data[(*len)++] = (uint8_t)(uint64_2 & 0xFF); /* 6 */
uint64_2 >>= 8;
data[(*len)++] = (uint8_t)(uint64_2 & 0xFF); // 7
if(*len >= size) {
return EXI_ERROR_OUT_OF_BOUNDS;
}
data[(*len)++] = (uint8_t)(uint64_2 & 0xFF); /* 7 */
// remaining octets of uint64_3
/* remaining octets of uint64_3 */
while (uint64_3 != 0 && errn == 0) {
if(*len >= size) {
return EXI_ERROR_OUT_OF_BOUNDS;
}
data[(*len)++] = uint64_3 & 0xFF;
uint64_3 >>= 8;
}
} else if(uint64_2 != 0) {
// 7 octets for uint64_1
data[(*len)++] = (uint8_t)(uint64_1 & 0xFF); // 1
/* 7 octets for uint64_1 */
if(*len >= size) {
return EXI_ERROR_OUT_OF_BOUNDS;
}
data[(*len)++] = (uint8_t)(uint64_1 & 0xFF); /* 1 */
uint64_1 >>= 8;
data[(*len)++] = (uint8_t)(uint64_1 & 0xFF); // 2
if(*len >= size) {
return EXI_ERROR_OUT_OF_BOUNDS;
}
data[(*len)++] = (uint8_t)(uint64_1 & 0xFF); /* 2 */
uint64_1 >>= 8;
data[(*len)++] = (uint8_t)(uint64_1 & 0xFF); // 3
if(*len >= size) {
return EXI_ERROR_OUT_OF_BOUNDS;
}
data[(*len)++] = (uint8_t)(uint64_1 & 0xFF); /* 3 */
uint64_1 >>= 8;
data[(*len)++] = (uint8_t)(uint64_1 & 0xFF); // 4
if(*len >= size) {
return EXI_ERROR_OUT_OF_BOUNDS;
}
data[(*len)++] = (uint8_t)(uint64_1 & 0xFF); /* 4 */
uint64_1 >>= 8;
data[(*len)++] = (uint8_t)(uint64_1 & 0xFF); // 5
if(*len >= size) {
return EXI_ERROR_OUT_OF_BOUNDS;
}
data[(*len)++] = (uint8_t)(uint64_1 & 0xFF); /* 5 */
uint64_1 >>= 8;
data[(*len)++] = (uint8_t)(uint64_1 & 0xFF); // 6
if(*len >= size) {
return EXI_ERROR_OUT_OF_BOUNDS;
}
data[(*len)++] = (uint8_t)(uint64_1 & 0xFF); /* 6 */
uint64_1 >>= 8;
data[(*len)++] = (uint8_t)(uint64_1 & 0xFF); // 7
// remaining octets of uint64_2
if(*len >= size) {
return EXI_ERROR_OUT_OF_BOUNDS;
}
data[(*len)++] = (uint8_t)(uint64_1 & 0xFF); /* 7 */
/* remaining octets of uint64_2 */
while (uint64_2 != 0 && errn == 0) {
if(*len >= size) {
return EXI_ERROR_OUT_OF_BOUNDS;
}
data[(*len)++] = uint64_2 & 0xFF;
uint64_2 >>= 8;
}
} else if(uint64_1 != 0) {
while (uint64_1 != 0 && errn == 0) {
if(*len >= size) {
return EXI_ERROR_OUT_OF_BOUNDS;
}
data[(*len)++] = uint64_1 & 0xFF;
uint64_1 >>= 8;
}