Ticket History #2542: ASN.1 high tag number decode wrong

# Wed Apr 21 18:48:33 2004 Zhihong Zhang <zhang@aol.net> - Ticket created

From:	Zhihong Zhang <zhang@aol.net>
To:	krb5-bugs@mit.edu
Date:	Wed, 21 Apr 2004 11:14:06 EDT
Subject:	DER Bug

Download (untitled) / with headers
text/plain 332B

Found a bug in the DER decoder of KRB5-1.28.

This loop in asn1_get.c is wrong,

do{
retval = asn1buf_remove_octet(buf,&o);
if(retval) return retval;
tn = (tn<<7) + (asn1_tagnum)(o&0x7F);
}while(tn&0x80);

It should be "while(o&0x80)".

The effect is that it can't decode any tags bigger than 30.

Zhihong

# Wed Apr 21 18:48:33 2004 Zhihong Zhang <zhang@aol.net> - Ticket #2543: - Ticket created

From:	Zhihong Zhang <zhang@aol.net>
To:	krb5-bugs@mit.edu
Date:	Wed, 21 Apr 2004 18:24:44 EDT
Subject:	DER Bug

Download (untitled) / with headers
text/plain 492B

I found this bug in MIT code. If you have the same code, you should
fix it. This breaks any tag bigger than 30.

Zhihong

Show quoted text

>
> Found a bug in the DER decoder of KRB5-1.28.
>
> This loop in asn1_get.c is wrong,
>
> do{
> retval = asn1buf_remove_octet(buf,&o);
> if(retval) return retval;
> tn = (tn<<7) + (asn1_tagnum)(o&0x7F);
> }while(tn&0x80);
>
> It should be "while(o&0x80)".
>
> The effect is that it can't decode any tags bigger than 30.
>
> Zhihong
>

# Fri Apr 23 16:12:45 2004 tlyu (Taylor Yu) - Ticket #2543: - Ticket 2543 MergedInto ticket 2542.

# Fri Sep 30 19:34:13 2005 tlyu (Taylor Yu) - Subject changed from 'DER Bug' to 'ASN.1 high tag number decode wrong'

# Fri Sep 30 19:34:13 2005 tlyu (Taylor Yu) - Status changed from 'new' to 'open'

# Fri Sep 30 19:34:13 2005 tlyu (Taylor Yu) - Given to tlyu (Taylor Yu)

# Fri Sep 30 19:34:14 2005 tlyu (Taylor Yu) - Component krb5-libs added

# Fri Sep 30 19:34:14 2005 tlyu (Taylor Yu) - Version_reported 1.2.8 added

# Mon Oct 03 17:17:04 2005 tlyu (Taylor Yu) - Status changed from 'open' to 'resolved'

# Mon Oct 03 17:17:05 2005 tlyu (Taylor Yu) - Tags pullup added

# Mon Oct 03 17:17:06 2005 tlyu (Taylor Yu) - Target_Version 1.4.3 added

# Mon Oct 03 17:17:06 2005 tlyu (Taylor Yu) - Correspondence added

From:	tlyu@mit.edu
Subject:	CVS Commit

Download (untitled) / with headers
text/plain 226B

* asn1_get.c (asn1_get_tag_2): Patch from Zhihong Zhang to properly
handle tag numbers >= 30.

Commit By: tlyu

Revision: 17400
Changed Files:
U trunk/src/lib/krb5/asn.1/ChangeLog
U trunk/src/lib/krb5/asn.1/asn1_get.c

# Wed Oct 12 00:54:44 2005 tlyu (Taylor Yu) - Version_Fixed 1.4.3 added

# Wed Oct 12 00:54:45 2005 tlyu (Taylor Yu) - Correspondence added

From:	tlyu@mit.edu
Subject:	CVS Commit

Download (untitled) / with headers
text/plain 180B

pull up r17400 from trunk

Commit By: tlyu

Revision: 17418
Changed Files:
U branches/krb5-1-4/src/lib/krb5/asn.1/ChangeLog
U branches/krb5-1-4/src/lib/krb5/asn.1/asn1_get.c

# Wed Dec 16 18:02:42 2015 tlyu (Taylor Yu) - CustomField pullup deleted