Skip to content

Commit

Permalink
check for zero-length strings and octets
Browse files Browse the repository at this point in the history
  • Loading branch information
@alandekok
alandekok committed Nov 11, 2024
1 parent 230f8c7 commit cf2dfd4
Show file tree
Hide file tree
Showing 2 changed files with 21 additions and 5 deletions.
9 changes: 5 additions & 4 deletions src/lib/util/cbor.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -125,7 +125,8 @@ static ssize_t cbor_encode_octets(fr_dbuff_t *dbuff, uint8_t const *data, size_t
slen = cbor_encode_integer(&work_dbuff, CBOR_OCTETS, data_len);
if (slen <= 0) return slen;

FR_DBUFF_IN_MEMCPY_RETURN(&work_dbuff, data, data_len);
if (data_len > 0) FR_DBUFF_IN_MEMCPY_RETURN(&work_dbuff, data, data_len);

return fr_dbuff_set(dbuff, &work_dbuff);
}

Expand Down Expand Up @@ -224,7 +225,7 @@ ssize_t fr_cbor_encode_value_box(fr_dbuff_t *dbuff, fr_value_box_t *vb)
slen = cbor_encode_integer(&work_dbuff, CBOR_STRING, vb->vb_length);
if (slen <= 0) return slen;

FR_DBUFF_IN_MEMCPY_RETURN(&work_dbuff, vb->vb_strvalue, vb->vb_length);
if (vb->vb_length) FR_DBUFF_IN_MEMCPY_RETURN(&work_dbuff, vb->vb_strvalue, vb->vb_length);
break;

/*
Expand Down Expand Up @@ -835,7 +836,7 @@ ssize_t fr_cbor_decode_value_box(TALLOC_CTX *ctx, fr_value_box_t *vb, fr_dbuff_t
return -1;
}
talloc_set_type(ptr, char);
FR_DBUFF_OUT_MEMCPY_RETURN(ptr, &work_dbuff, value);
if (value) FR_DBUFF_OUT_MEMCPY_RETURN(ptr, &work_dbuff, value);
ptr[value] = '\0';

if (type == FR_TYPE_NULL) fr_value_box_init(vb, FR_TYPE_STRING, enumv, tainted);
Expand Down Expand Up @@ -871,7 +872,7 @@ ssize_t fr_cbor_decode_value_box(TALLOC_CTX *ctx, fr_value_box_t *vb, fr_dbuff_t
if (type == FR_TYPE_NULL) fr_value_box_init(vb, FR_TYPE_OCTETS, enumv, tainted);
fr_value_box_memdup_shallow(vb, NULL, (uint8_t const *) ptr, value, false); /* tainted? */

FR_DBUFF_OUT_MEMCPY_RETURN(ptr, &work_dbuff, value);
if (value) FR_DBUFF_OUT_MEMCPY_RETURN(ptr, &work_dbuff, value);
break;

case CBOR_INTEGER:
Expand Down
17 changes: 16 additions & 1 deletion src/tests/unit/protocols/cbor/base.txt
View file
Original file line number Diff line number Diff line change
Expand Up @@ -72,5 +72,20 @@ match Vendor-Specific = { Nokia-SR = { raw.255 = 3600.5 } }
encode-pair Vendor-Specific = { Nokia-SR = { raw.255 = (time_delta) 3600.5 } }
match 9f a1 18 1a 9f a1 19 19 7f 9f a1 18 ff 66 33 36 30 30 2e 35 ff ff ff

#
# Zero-length strings and octets
#
encode-pair User-Name = ""
match 9f a1 01 40 ff

decode-pair -
match User-Name = ""

encode-pair Class = 0x
match 9f a1 18 19 60 ff

decode-pair -
match Class = 0x

count
match 30
match 38

0 comments on commit cf2dfd4

Please sign in to comment.