help-libtasn1

Re: Parser bug.


From: Nikos Mavrogiannopoulos
Subject: Re: Parser bug.
Date: Wed, 12 Dec 2018 09:57:34 +0100

I was a user of libtasn1 too until I became its maintainer :)
It could indeed be an issue, though it is not a visible issue in common uses of the tools. I'd suggest reporting it to our issue tracker so we don't lose it:
https://gitlab.com/gnutls/libtasn1/issues
We already have another similar issue reported for the tools, so I guess having these bugs would be useful if we do a cleanup at some point.

regards,
Nikos


On Mon, Dec 10, 2018 at 8:24 AM Terry Jones <address@hidden> wrote:
Hello and you are welcome. I just found this the other night when I loaded a new install of Ubuntu 18.04 on a new machine that I built. So as I made up all the GNU tools that I needed, I stumbled on this one. It looks like a problem, and it will walk as you change buffer size, and I don't see a quick fix. I am not a maintainer, just a new list member and a longtime user of GNU tools. Not sure I have a workaround; it does seem like a problem.

Terry


10.12.2018, 07:04, "Nikos Mavrogiannopoulos" <address@hidden>:
Thank you for that. Would you like to send a merge request with a fix and a reproducer?

regards,
Nikos


On Sun, Dec 9, 2018 at 10:20 PM Terry Jones <address@hidden> wrote:
Found a bug in the parser for GNU libtasn1-4.9: in the case of making the tokens and by that adding a "-" to the string, they go over the length of their buffer. So the problem is using a sizeof on the buffer size and making the buffer too short. Looks like two problems; this way the problem creeps as you grow the buffer to add room for the "-":
 
GNU C17 (GCC) version 8.2.0 (x86_64-pc-linux-gnu)
    compiled by GNU C version 8.2.0, GMP version 6.1.2, MPFR version 4.0.1, MPC version 1.1.0, isl version none
GGC heuristics: --param ggc-min-expand=100 --param ggc-min-heapsize=131072
Compiler executable checksum: 81f798d4ff0871f00b0a4f3f1296b20a
ASN1.c: In function '_asn1_yyparse':
ASN1.y:164:47: error: 'snprintf' output may be truncated before the last format character [-Werror=format-truncation=]
                 | '-' NUM        {snprintf($$,sizeof($$),"-%s",$2);}
                                               ^~~~~
ASN1.y:164:6: note: 'snprintf' output between 2 and 66 bytes into a destination of size 65
                 | '-' NUM        {snprintf($$,sizeof($$),"-%s",$2);}
      ^          ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
ASN1.y:152:47: error: 'snprintf' output may be truncated before the last format character [-Werror=format-truncation=]
 neg_num : '-' NUM     {snprintf($$,sizeof($$),"-%s",$2);}
                                               ^~~~~
ASN1.y:152:6: note: 'snprintf' output between 2 and 66 bytes into a destination of size 65
 neg_num : '-' NUM     {snprintf($$,sizeof($$),"-%s",$2);}
      ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~          
cc1: all warnings being treated as errors
Makefile:1112: recipe for target 'ASN1.lo' failed
 
This looks to be more than just a warning, since it looks like the buffer is being over extended.
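
The following is an added example, not part of the thread and not libtasn1's code. It reproduces the size relationship from the GCC note (a 65-byte destination, a "-%s" format, output of up to 66 bytes) and shows how checking the return value of snprintf exposes the truncation. The names format_negative, make_digits, try_length and TOKEN_BUF are hypothetical, and the 64-character source token is an assumption inferred from the 66-byte maximum in the note.

```c
#include <stdio.h>
#include <string.h>

#define TOKEN_BUF 65  /* destination size reported in the GCC note */

/* Hypothetical helper: writes "-" followed by num into dst.
 * Returns 0 if the whole string fit, -1 if snprintf had to truncate
 * (or failed). dst is always NUL-terminated when dstsize > 0. */
static int format_negative(char *dst, size_t dstsize, const char *num)
{
    int n = snprintf(dst, dstsize, "-%s", num);
    if (n < 0 || (size_t)n >= dstsize)
        return -1;
    return 0;
}

/* Constructed input: fills src with `digits` copies of '9'. */
static void make_digits(char *src, size_t digits)
{
    memset(src, '9', digits);
    src[digits] = '\0';
}

/* Runs the helper on a NUM token of the given length and reports the
 * result code plus the length actually stored in the destination. */
static int try_length(size_t digits, size_t *stored_len)
{
    char src[TOKEN_BUF];
    char dst[TOKEN_BUF];
    int rc;

    make_digits(src, digits);
    rc = format_negative(dst, sizeof(dst), src);
    *stored_len = strlen(dst);
    return rc;
}

int main(void)
{
    size_t len;
    int rc;

    rc = try_length(63, &len);
    printf("63 digits: rc=%d stored=%zu\n", rc, len);
    rc = try_length(64, &len);
    printf("64 digits: rc=%d stored=%zu\n", rc, len);
    return 0;
}
```

With a 64-digit token the call stores 64 characters plus the terminator and reports -1, so the last digit is dropped inside the bounds of the destination.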
