Merge pull request #911 from hardening/hardening10

Verbose message when processing fails
Marc-André Moreau 2013-01-18 11:30:25 -08:00
commit 3f3d30cd4d
2 changed files with 78 additions and 14 deletions


@ -123,6 +123,29 @@
* *
*/ */
static const char *certificate_read_errors[] = {
"Certificate tag",
"TBSCertificate",
"Explicit Contextual Tag [0]",
"version",
"CertificateSerialNumber",
"AlgorithmIdentifier",
"Issuer Name",
"Validity",
"Subject Name",
"SubjectPublicKeyInfo Tag",
"subjectPublicKeyInfo::AlgorithmIdentifier",
"subjectPublicKeyInfo::subjectPublicKey",
"RSAPublicKey Tag",
"modulusLength",
"zero padding",
"modulusLength",
"modulus",
"publicExponent length",
"publicExponent"
};
/** /**
* Read X.509 Certificate * Read X.509 Certificate
* @param certificate certificate module * @param certificate certificate module
@ -137,6 +160,7 @@ BOOL certificate_read_x509_certificate(rdpCertBlob* cert, rdpCertInfo* info)
UINT32 version; UINT32 version;
int modulus_length; int modulus_length;
int exponent_length; int exponent_length;
int error = 0;
s = stream_new(0); s = stream_new(0);
stream_attach(s, cert->data, cert->length); stream_attach(s, cert->data, cert->length);
@ -144,55 +168,68 @@ BOOL certificate_read_x509_certificate(rdpCertBlob* cert, rdpCertInfo* info)
if(!ber_read_sequence_tag(s, &length)) /* Certificate (SEQUENCE) */ if(!ber_read_sequence_tag(s, &length)) /* Certificate (SEQUENCE) */
goto error1; goto error1;
error++;
if(!ber_read_sequence_tag(s, &length)) /* TBSCertificate (SEQUENCE) */ if(!ber_read_sequence_tag(s, &length)) /* TBSCertificate (SEQUENCE) */
goto error1; goto error1;
error++;
/* Explicit Contextual Tag [0] */ if(!ber_read_contextual_tag(s, 0, &length, TRUE)) /* Explicit Contextual Tag [0] */
if(!ber_read_contextual_tag(s, 0, &length, TRUE))
goto error1; goto error1;
error++;
if(!ber_read_integer(s, &version)) /* version (INTEGER) */ if(!ber_read_integer(s, &version)) /* version (INTEGER) */
goto error1; goto error1;
error++;
version++; version++;
/* serialNumber */ /* serialNumber */
if(!ber_read_integer(s, NULL)) /* CertificateSerialNumber (INTEGER) */ if(!ber_read_integer(s, NULL)) /* CertificateSerialNumber (INTEGER) */
goto error1; goto error1;
error++;
/* signature */ /* signature */
if(!ber_read_sequence_tag(s, &length) || !stream_skip(s, length)) /* AlgorithmIdentifier (SEQUENCE) */ if(!ber_read_sequence_tag(s, &length) || !stream_skip(s, length)) /* AlgorithmIdentifier (SEQUENCE) */
goto error1; goto error1;
error++;
/* issuer */ /* issuer */
if(!ber_read_sequence_tag(s, &length) || !stream_skip(s, length)) /* Name (SEQUENCE) */ if(!ber_read_sequence_tag(s, &length) || !stream_skip(s, length)) /* Name (SEQUENCE) */
goto error1; goto error1;
error++;
/* validity */ /* validity */
if(!ber_read_sequence_tag(s, &length) || !stream_skip(s, length)) /* Validity (SEQUENCE) */ if(!ber_read_sequence_tag(s, &length) || !stream_skip(s, length)) /* Validity (SEQUENCE) */
goto error1; goto error1;
error++;
/* subject */ /* subject */
if(!ber_read_sequence_tag(s, &length) || !stream_skip(s, length)) /* Name (SEQUENCE) */ if(!ber_read_sequence_tag(s, &length) || !stream_skip(s, length)) /* Name (SEQUENCE) */
goto error1; goto error1;
error++;
/* subjectPublicKeyInfo */ /* subjectPublicKeyInfo */
if(!ber_read_sequence_tag(s, &length)) /* SubjectPublicKeyInfo (SEQUENCE) */ if(!ber_read_sequence_tag(s, &length)) /* SubjectPublicKeyInfo (SEQUENCE) */
goto error1; goto error1;
error++;
/* subjectPublicKeyInfo::AlgorithmIdentifier */ /* subjectPublicKeyInfo::AlgorithmIdentifier */
if(!ber_read_sequence_tag(s, &length) || !stream_skip(s, length)) /* AlgorithmIdentifier (SEQUENCE) */ if(!ber_read_sequence_tag(s, &length) || !stream_skip(s, length)) /* AlgorithmIdentifier (SEQUENCE) */
goto error1; goto error1;
error++;
/* subjectPublicKeyInfo::subjectPublicKey */ /* subjectPublicKeyInfo::subjectPublicKey */
if(!ber_read_bit_string(s, &length, &padding)) /* BIT_STRING */ if(!ber_read_bit_string(s, &length, &padding)) /* BIT_STRING */
goto error1; goto error1;
error++;
/* RSAPublicKey (SEQUENCE) */ /* RSAPublicKey (SEQUENCE) */
if(!ber_read_sequence_tag(s, &length)) /* SEQUENCE */ if(!ber_read_sequence_tag(s, &length)) /* SEQUENCE */
goto error1; goto error1;
error++;
if(!ber_read_integer_length(s, &modulus_length)) /* modulus (INTEGER) */ if(!ber_read_integer_length(s, &modulus_length)) /* modulus (INTEGER) */
goto error1; goto error1;
error++;
/* skip zero padding, if any */ /* skip zero padding, if any */
do do
@ -209,16 +246,19 @@ BOOL certificate_read_x509_certificate(rdpCertBlob* cert, rdpCertInfo* info)
} }
} }
while (padding == 0); while (padding == 0);
error++;
if(stream_get_left(s) < modulus_length) if(stream_get_left(s) < modulus_length)
goto error1; goto error1;
info->ModulusLength = modulus_length; info->ModulusLength = modulus_length;
info->Modulus = (BYTE*) malloc(info->ModulusLength); info->Modulus = (BYTE*) malloc(info->ModulusLength);
stream_read(s, info->Modulus, info->ModulusLength); stream_read(s, info->Modulus, info->ModulusLength);
error++;
if(!ber_read_integer_length(s, &exponent_length)) /* publicExponent (INTEGER) */ if(!ber_read_integer_length(s, &exponent_length)) /* publicExponent (INTEGER) */
goto error2; goto error2;
if(stream_get_left(s) < exponent_length) error++;
if(stream_get_left(s) < exponent_length || exponent_length > 4)
goto error2; goto error2;
stream_read(s, &info->exponent[4 - exponent_length], exponent_length); stream_read(s, &info->exponent[4 - exponent_length], exponent_length);
crypto_reverse(info->Modulus, info->ModulusLength); crypto_reverse(info->Modulus, info->ModulusLength);
@ -232,6 +272,7 @@ error2:
free(info->Modulus); free(info->Modulus);
info->Modulus = 0; info->Modulus = 0;
error1: error1:
printf("error reading when reading certificate: part=%s error=%d\n", certificate_read_errors[error], error);
stream_detach(s); stream_detach(s);
stream_free(s); stream_free(s);
return FALSE; return FALSE;
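Review bot: The stage labels fall out of step with the `error` counter near the end of certificate_read_x509_certificate: after the `error++` that follows the modulus `stream_read`, a failed `ber_read_integer_length(s, &exponent_length)` is reported as `modulus`, and no visible increment ever reaches the last entry, `publicExponent`. Adding one more `error++;` directly after the `stream_get_left(s) < modulus_length` check would realign the remaining labels with the table. The index in the `printf` at `error1:` is also unchecked, so a later `error++` added without a matching table entry would read past `certificate_read_errors` on a path that parses peer-supplied data; a guard such as `error < (int) (sizeof(certificate_read_errors) / sizeof(certificate_read_errors[0])) ? certificate_read_errors[error] : "unknown"` keeps the diagnostic safe. The body of the zero-padding loop and the success path lie outside the hunks, so any jumps to `error1` from there are not covered by this count.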


@ -501,8 +501,10 @@ static INLINE BOOL update_read_delta_points(STREAM* s, DELTA_POINT* points, int
do {\ do {\
if (orderInfo->fieldFlags & (1 << (NO-1))) \ if (orderInfo->fieldFlags & (1 << (NO-1))) \
{ \ { \
if(stream_get_left(s) < 1) \ if(stream_get_left(s) < 1) {\
printf("%s: error reading %s\n", __func__, #TARGET); \
return FALSE; \ return FALSE; \
} \
stream_read_BYTE(s, TARGET); \ stream_read_BYTE(s, TARGET); \
} \ } \
} while(0) } while(0)
@ -511,8 +513,10 @@ static INLINE BOOL update_read_delta_points(STREAM* s, DELTA_POINT* points, int
do {\ do {\
if (orderInfo->fieldFlags & (1 << (NO-1))) \ if (orderInfo->fieldFlags & (1 << (NO-1))) \
{ \ { \
if(stream_get_left(s) < 2) \ if(stream_get_left(s) < 2) { \
printf("%s: error reading %s or %s\n", __func__, #TARGET1, #TARGET2); \
return FALSE; \ return FALSE; \
} \
stream_read_BYTE(s, TARGET1); \ stream_read_BYTE(s, TARGET1); \
stream_read_BYTE(s, TARGET2); \ stream_read_BYTE(s, TARGET2); \
} \ } \
@ -522,8 +526,10 @@ static INLINE BOOL update_read_delta_points(STREAM* s, DELTA_POINT* points, int
do {\ do {\
if (orderInfo->fieldFlags & (1 << (NO-1))) \ if (orderInfo->fieldFlags & (1 << (NO-1))) \
{ \ { \
if(stream_get_left(s) < 2) \ if(stream_get_left(s) < 2) { \
printf("%s: error reading %s\n", __func__, #TARGET); \
return FALSE; \ return FALSE; \
} \
stream_read_UINT16(s, TARGET); \ stream_read_UINT16(s, TARGET); \
} \ } \
} while(0) } while(0)
@ -531,25 +537,42 @@ static INLINE BOOL update_read_delta_points(STREAM* s, DELTA_POINT* points, int
do {\ do {\
if (orderInfo->fieldFlags & (1 << (NO-1))) \ if (orderInfo->fieldFlags & (1 << (NO-1))) \
{ \ { \
if(stream_get_left(s) < 4) \ if(stream_get_left(s) < 4) { \
printf("%s: error reading %s\n", __func__, #TARGET); \
return FALSE; \ return FALSE; \
} \
stream_read_UINT32(s, TARGET); \ stream_read_UINT32(s, TARGET); \
} \ } \
} while(0) } while(0)
#define ORDER_FIELD_COORD(NO, TARGET) \ #define ORDER_FIELD_COORD(NO, TARGET) \
if ((orderInfo->fieldFlags & (1 << (NO-1))) && !update_read_coord(s, &TARGET, orderInfo->deltaCoordinates)) \ do { \
return FALSE if ((orderInfo->fieldFlags & (1 << (NO-1))) && !update_read_coord(s, &TARGET, orderInfo->deltaCoordinates)) { \
printf("%s: error reading %s\n", __func__, #TARGET); \
return FALSE; \
} \
} while(0)
#define ORDER_FIELD_COLOR(NO, TARGET) \ #define ORDER_FIELD_COLOR(NO, TARGET) \
if ((orderInfo->fieldFlags & (1 << (NO-1))) && !update_read_color(s, &TARGET)) \ do { \
return FALSE if ((orderInfo->fieldFlags & (1 << (NO-1))) && !update_read_color(s, &TARGET)) { \
printf("%s: error reading %s\n", __func__, #TARGET); \
return FALSE; \
} \
} while(0)
#define FIELD_SKIP_BUFFER16(s, TARGET_LEN) \ #define FIELD_SKIP_BUFFER16(s, TARGET_LEN) \
if(stream_get_left(s) < 2) \ do { \
if(stream_get_left(s) < 2) {\
printf("%s: error reading length %s\n", __func__, #TARGET_LEN); \
return FALSE; \ return FALSE; \
}\
stream_read_UINT16(s, TARGET_LEN); \ stream_read_UINT16(s, TARGET_LEN); \
if(!stream_skip(s, TARGET_LEN)) \ if(!stream_skip(s, TARGET_LEN)) { \
return FALSE printf("%s: error skipping %d bytes\n", __func__, TARGET_LEN); \
return FALSE; \
} \
} while(0)
/* Primary Drawing Orders */ /* Primary Drawing Orders */
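Review bot: In FIELD_SKIP_BUFFER16 the new `printf("%s: error skipping %d bytes\n", __func__, TARGET_LEN)` passes the macro argument straight to `%d`, which is only correct if every caller's length variable promotes to `int`. The argument types are not visible here, so an explicit cast, `printf("%s: error skipping %d bytes\n", __func__, (int) (TARGET_LEN));`, would keep the format well-defined whatever the field type is. The macro also now expands `TARGET_LEN` three times, so a comment above the `#define` should state that callers must pass a side-effect-free lvalue. All of these macros still hide a `return FALSE` from the reader and now write to stdout via `printf` as well; the `#define` lines of the first four macros lie outside the hunks.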