GCC Code Coverage Report
Directory: ./ Exec Total Coverage
File: lib/libcrypto/asn1/a_d2i_fp.c Lines: 61 113 54.0 %
Date: 2017-11-07 Branches: 30 76 39.5 %

Line Branch Exec Source
1
/* $OpenBSD: a_d2i_fp.c,v 1.16 2017/01/29 17:49:22 beck Exp $ */
2
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3
 * All rights reserved.
4
 *
5
 * This package is an SSL implementation written
6
 * by Eric Young (eay@cryptsoft.com).
7
 * The implementation was written so as to conform with Netscapes SSL.
8
 *
9
 * This library is free for commercial and non-commercial use as long as
10
 * the following conditions are aheared to.  The following conditions
11
 * apply to all code found in this distribution, be it the RC4, RSA,
12
 * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
13
 * included with this distribution is covered by the same copyright terms
14
 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15
 *
16
 * Copyright remains Eric Young's, and as such any Copyright notices in
17
 * the code are not to be removed.
18
 * If this package is used in a product, Eric Young should be given attribution
19
 * as the author of the parts of the library used.
20
 * This can be in the form of a textual message at program startup or
21
 * in documentation (online or textual) provided with the package.
22
 *
23
 * Redistribution and use in source and binary forms, with or without
24
 * modification, are permitted provided that the following conditions
25
 * are met:
26
 * 1. Redistributions of source code must retain the copyright
27
 *    notice, this list of conditions and the following disclaimer.
28
 * 2. Redistributions in binary form must reproduce the above copyright
29
 *    notice, this list of conditions and the following disclaimer in the
30
 *    documentation and/or other materials provided with the distribution.
31
 * 3. All advertising materials mentioning features or use of this software
32
 *    must display the following acknowledgement:
33
 *    "This product includes cryptographic software written by
34
 *     Eric Young (eay@cryptsoft.com)"
35
 *    The word 'cryptographic' can be left out if the rouines from the library
36
 *    being used are not cryptographic related :-).
37
 * 4. If you include any Windows specific code (or a derivative thereof) from
38
 *    the apps directory (application code) you must include an acknowledgement:
39
 *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40
 *
41
 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51
 * SUCH DAMAGE.
52
 *
53
 * The licence and distribution terms for any publically available version or
54
 * derivative of this code cannot be changed.  i.e. this code cannot simply be
55
 * copied and put under another distribution licence
56
 * [including the GNU Public Licence.]
57
 */
58
59
#include <limits.h>
60
#include <stdio.h>
61
62
#include <openssl/asn1.h>
63
#include <openssl/buffer.h>
64
#include <openssl/err.h>
65
66
static int asn1_d2i_read_bio(BIO *in, BUF_MEM **pb);
67
68
#ifndef NO_OLD_ASN1
69
70
void *
71
ASN1_d2i_fp(void *(*xnew)(void), d2i_of_void *d2i, FILE *in, void **x)
72
{
73
	BIO *b;
74
	void *ret;
75
76
	if ((b = BIO_new(BIO_s_file())) == NULL) {
77
		ASN1error(ERR_R_BUF_LIB);
78
		return (NULL);
79
	}
80
	BIO_set_fp(b, in, BIO_NOCLOSE);
81
	ret = ASN1_d2i_bio(xnew, d2i, b, x);
82
	BIO_free(b);
83
	return (ret);
84
}
85
86
void *
87
ASN1_d2i_bio(void *(*xnew)(void), d2i_of_void *d2i, BIO *in, void **x)
88
{
89
	BUF_MEM *b = NULL;
90
	const unsigned char *p;
91
	void *ret = NULL;
92
	int len;
93
94
	len = asn1_d2i_read_bio(in, &b);
95
	if (len < 0)
96
		goto err;
97
98
	p = (unsigned char *)b->data;
99
	ret = d2i(x, &p, len);
100
101
err:
102
	if (b != NULL)
103
		BUF_MEM_free(b);
104
	return (ret);
105
}
106
107
#endif
108
109
void *
110
ASN1_item_d2i_bio(const ASN1_ITEM *it, BIO *in, void *x)
111
{
112
40
	BUF_MEM *b = NULL;
113
20
	const unsigned char *p;
114
	void *ret = NULL;
115
	int len;
116
117
20
	len = asn1_d2i_read_bio(in, &b);
118
20
	if (len < 0)
119
		goto err;
120
121
20
	p = (const unsigned char *)b->data;
122
20
	ret = ASN1_item_d2i(x, &p, len, it);
123
124
err:
125
20
	if (b != NULL)
126
20
		BUF_MEM_free(b);
127
20
	return (ret);
128
20
}
129
130
void *
131
ASN1_item_d2i_fp(const ASN1_ITEM *it, FILE *in, void *x)
132
{
133
	BIO *b;
134
	char *ret;
135
136
	if ((b = BIO_new(BIO_s_file())) == NULL) {
137
		ASN1error(ERR_R_BUF_LIB);
138
		return (NULL);
139
	}
140
	BIO_set_fp(b, in, BIO_NOCLOSE);
141
	ret = ASN1_item_d2i_bio(it, b, x);
142
	BIO_free(b);
143
	return (ret);
144
}
145
146
#define HEADER_SIZE   8
147
#define ASN1_CHUNK_INITIAL_SIZE (16 * 1024)
148
static int
149
asn1_d2i_read_bio(BIO *in, BUF_MEM **pb)
150
{
151
	BUF_MEM *b;
152
	unsigned char *p;
153
	int i;
154
40
	ASN1_const_CTX c;
155
	size_t want = HEADER_SIZE;
156
	int eos = 0;
157
	size_t off = 0;
158
	size_t len = 0;
159
160
20
	b = BUF_MEM_new();
161
20
	if (b == NULL) {
162
		ASN1error(ERR_R_MALLOC_FAILURE);
163
		return -1;
164
	}
165
166
20
	ERR_clear_error();
167
20
	for (;;) {
168
20
		if (want >= (len - off)) {
169
20
			want -= (len - off);
170
171

40
			if (len + want < len ||
172
20
			    !BUF_MEM_grow_clean(b, len + want)) {
173
				ASN1error(ERR_R_MALLOC_FAILURE);
174
				goto err;
175
			}
176
20
			i = BIO_read(in, &(b->data[len]), want);
177

20
			if ((i < 0) && ((len - off) == 0)) {
178
				ASN1error(ASN1_R_NOT_ENOUGH_DATA);
179
				goto err;
180
			}
181
20
			if (i > 0) {
182
20
				if (len + i < len) {
183
					ASN1error(ASN1_R_TOO_LONG);
184
					goto err;
185
				}
186
				len += i;
187
20
			}
188
		}
189
		/* else data already loaded */
190
191
20
		p = (unsigned char *) & (b->data[off]);
192
20
		c.p = p;
193
40
		c.inf = ASN1_get_object(&(c.p), &(c.slen), &(c.tag),
194
20
		    &(c.xclass), len - off);
195
20
		if (c.inf & 0x80) {
196
			unsigned long e;
197
198
20
			e = ERR_GET_REASON(ERR_peek_error());
199
20
			if (e != ASN1_R_TOO_LONG)
200
				goto err;
201
			else
202
20
				ERR_clear_error(); /* clear error */
203
20
		}
204
20
		i = c.p - p;	/* header length */
205
20
		off += i;	/* end of data */
206
207
20
		if (c.inf & 1) {
208
			/* no data body so go round again */
209
			eos++;
210
			if (eos < 0) {
211
				ASN1error(ASN1_R_HEADER_TOO_LONG);
212
				goto err;
213
			}
214
			want = HEADER_SIZE;
215

20
		} else if (eos && (c.slen == 0) && (c.tag == V_ASN1_EOC)) {
216
			/* eos value, so go back and read another header */
217
			eos--;
218
			if (eos <= 0)
219
				break;
220
			else
221
				want = HEADER_SIZE;
222
		} else {
223
			/* suck in c.slen bytes of data */
224
20
			want = c.slen;
225
20
			if (want > (len - off)) {
226
				size_t chunk_max = ASN1_CHUNK_INITIAL_SIZE;
227
228
20
				want -= (len - off);
229

40
				if (want > INT_MAX /* BIO_read takes an int length */ ||
230
20
				    len+want < len) {
231
					ASN1error(ASN1_R_TOO_LONG);
232
					goto err;
233
				}
234
40
				while (want > 0) {
235
					/*
236
					 * Read content in chunks of increasing size
237
					 * so we can return an error for EOF without
238
					 * having to allocate the entire content length
239
					 * in one go.
240
					 */
241
20
					size_t chunk = want > chunk_max ? chunk_max : want;
242
243
20
					if (!BUF_MEM_grow_clean(b, len + chunk)) {
244
						ASN1error(ERR_R_MALLOC_FAILURE);
245
						goto err;
246
					}
247
20
					want -= chunk;
248
80
					while (chunk > 0) {
249
20
						i = BIO_read(in, &(b->data[len]), chunk);
250
20
						if (i <= 0) {
251
							ASN1error(ASN1_R_NOT_ENOUGH_DATA);
252
							goto err;
253
						}
254
						/*
255
						 * This can't overflow because |len+want|
256
						 * didn't overflow.
257
						 */
258
20
						len += i;
259
20
						chunk -= i;
260
					}
261
20
					if (chunk_max < INT_MAX/2)
262
20
						chunk_max *= 2;
263
20
				}
264
20
			}
265
20
			if (off + c.slen < off) {
266
				ASN1error(ASN1_R_TOO_LONG);
267
				goto err;
268
			}
269
			off += c.slen;
270
20
			if (eos <= 0) {
271
				break;
272
			} else
273
				want = HEADER_SIZE;
274
		}
275
	}
276
277
20
	if (off > INT_MAX) {
278
		ASN1error(ASN1_R_TOO_LONG);
279
		goto err;
280
	}
281
282
20
	*pb = b;
283
20
	return off;
284
285
err:
286
	if (b != NULL)
287
		BUF_MEM_free(b);
288
	return -1;
289
20
}