lib/asn1: set *size output to zero at start of der funcs

Assign zero to the output size parameter at the start so that callers that use the value when an error occurs do not see garbage that might be misinterpreted. Change-Id: Iccfcf4f6944b1bf72789c83919901d9b9d6f9153
2022-01-19 22:53:25 -05:00
parent 8dcd05ed4d
commit 38536d7313
2 changed files with 65 additions and 4 deletions
--- a/lib/asn1/der_get.c
+++ b/lib/asn1/der_get.c
@@ -174,6 +174,9 @@ der_get_general_string (const unsigned char *p, size_t len,
    const unsigned char *p1;
    char *s;

+    if (size)
+	*size = 0;
+
    p1 = memchr(p, 0, len);
    if (p1 != NULL) {
 	/*
@@ -217,6 +220,9 @@ int ASN1CALL
 der_get_printable_string(const unsigned char *p, size_t len,
 			 heim_printable_string *str, size_t *size)
 {
+    if (size)
+	*size = 0;
+
    if (len == SIZE_MAX) {
 	gen_data_zero(str);
 	return ASN1_BAD_LENGTH;
@@ -246,6 +252,9 @@ der_get_bmp_string (const unsigned char *p, size_t len,
 {
    size_t i;

+    if (size)
+	*size = 0;
+
    if (len & 1) {
 	gen_data_zero(data);
 	return ASN1_BAD_FORMAT;
@@ -282,6 +291,9 @@ der_get_universal_string (const unsigned char *p, size_t len,
 {
    size_t i;

+    if (size)
+	*size = 0;
+
    if (len & 3) {
 	gen_data_zero(data);
 	return ASN1_BAD_FORMAT;
@@ -322,6 +334,8 @@ int ASN1CALL
 der_get_octet_string (const unsigned char *p, size_t len,
 		      heim_octet_string *data, size_t *size)
 {
+    if (size)
+	*size = 0;
    data->length = len;
    data->data = malloc(len);
    if (data->data == NULL && data->length != 0)
@@ -341,6 +355,9 @@ der_get_octet_string_ber (const unsigned char *p, size_t len,
    unsigned int tag, depth = 0;
    size_t l, datalen, oldlen = len;

+    if (size)
+	*size = 0;
+
    data->length = 0;
    data->data = NULL;

@@ -408,11 +425,12 @@ der_get_heim_integer (const unsigned char *p, size_t len,
    data->negative = 0;
    data->data = NULL;

-    if (len == 0) {
-	if (size)
-	    *size = 0;
+    if (size)
+	*size = 0;
+
+    if (len == 0)
 	return 0;
-    }
+
    if (p[0] & 0x80) {
 	unsigned char *q;
 	int carry = 1;
@@ -493,6 +511,9 @@ der_get_time (const unsigned char *p, size_t len,
    char *times;
    int e;

+    if (size)
+	*size = 0;
+
    if (len == SIZE_MAX || len == 0)
 	return ASN1_BAD_LENGTH;

@@ -528,6 +549,9 @@ der_get_oid (const unsigned char *p, size_t len,
    size_t n;
    size_t oldlen = len;

+    if (size)
+	*size = 0;
+
    if (len < 1)
 	return ASN1_OVERRUN;

@@ -575,6 +599,10 @@ der_get_tag (const unsigned char *p, size_t len,
 	     unsigned int *tag, size_t *size)
 {
    size_t ret = 0;
+
+    if (size)
+	*size = 0;
+
    if (len < 1)
 	return ASN1_MISSING_FIELD;
    *cls = (Der_class)(((*p) >> 6) & 0x03);
@@ -625,6 +653,9 @@ der_match_tag2 (const unsigned char *p, size_t len,
    unsigned int thistag;
    int e;

+    if (size)
+	*size = 0;
+
    e = der_get_tag(p, len, &thisclass, type, &thistag, &l);
    if (e) return e;
    /*
@@ -700,6 +731,9 @@ int ASN1CALL
 der_get_bit_string (const unsigned char *p, size_t len,
 		    heim_bit_string *data, size_t *size)
 {
+    if (size)
+	*size = 0;
+
    if (len < 1)
 	return ASN1_OVERRUN;
    if (p[0] > 7)