Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

cbor_value_map_find_value may crash with invalid input #167

Closed
thiagomacieira opened this issue Oct 11, 2019 · 3 comments · Fixed by #168
Closed

cbor_value_map_find_value may crash with invalid input #167

thiagomacieira opened this issue Oct 11, 2019 · 3 comments · Fixed by #168
Assignees
@thiagomacieira

Comments

@thiagomacieira
Copy link
Member 

#define VERIFY_CBOR(x) do { if (!(x)) return 0; } while(0)

uint8_t buffer [128] = {0xbf,0x64,0x0a,0xe0,0xb5,0xbf,0x04,0x00,0xff,0x1e,0xff,0xff,0x80,0xbf,0xa4,0xbf,0xff,0x14,0x00,0x14,0x00,0xbf,0xbf,0xbf,0xe4,0xbf,0xbf,0x43,0xbf,0xbf,0xa0,0x13,0xaa,0xaa,0xaa,0xaa,0x70,0xaa,0xaa,0xaa,0xaa,0xaa,0xea,0xaa,0xae,0x05,0x11,0x62,0x78,0x7c,0x05,0x03,0x18,0x00,0x10,0x40,0x20,0x80,0x61,0x00,0xd8,0x00,0x00,0x00,0xde,0x00,0x00,0xcf,0x35,0x10,0x1e,0x00,0x00,0x00,0x00,0x00,0x80,0x00,0xaa,0xff,0xaa,0xaa,0x00,0x01,0x07,0x00,0xaa,0xaa,0xac,0x05,0x03,0x1a,0x82,0xa4,0x40,0x0d,0x80,0x35,0x78,0xac,0x05,0x00,0x00,0x00,0x7f,0xff,0xff,0xff,0xa8,0xf2,0x61,0x00,0xd8,0x00,0x00,0x00,0xcf,0x62,0x78,0x78,0xac,0x05,0x00,0xbd,0x11,0xb6,0x03,0x66};

size_t len;
CborParser parser;
CborValue  it;
CborValue result;

VERIFY_CBOR(cbor_parser_init(buffer, sizeof(buffer), 0, &parser, &it) == CborNoError);
VERIFY_CBOR(cbor_value_is_map(&it));

VERIFY_CBOR(cbor_value_map_find_value(&it, "c", &result) == CborNoError);

The last VERIFY_CBOR is expected to fail, but not crash.
@TSonono
@thiagomacieira thiagomacieira self-assigned this Oct 11, 2019
@thiagomacieira thiagomacieira mentioned this issue Oct 11, 2019
Open
@TSonono
Copy link

TSonono commented Oct 13, 2019

Ran it now. Results in the following:

Assertion failed: (it->type != CborInvalidType), function cbor_value_advance, file
/Users/tsonono/repos/cbor-c-test/app/external/tinycbor/src/cborparser.c, line 526.

@thiagomacieira
Copy link
Member Author

Added a test, cannot reproduce in 0.6 (dev branch).

@thiagomacieira
Copy link
Member Author

Seems it got fixed by 2b2d663.

thiagomacieira added a commit to thiagomacieira/tinycbor that referenced this issue Oct 15, 2019
@thiagomacieira
Parser: validate that maps have both key and value items
7484726 
If a map end (Break byte) occurs before we've read the concrete item for
the value, then the map is invalid.

Fixes intel#167

Signed-off-by: Thiago Macieira <thiago.macieira@intel.com>
thiagomacieira pushed a commit to thiagomacieira/tinycbor that referenced this issue Oct 15, 2019
Update docs for 0.5 (Travis build 293)
e73a9a1 
Matching commit 7484726:
Parser: validate that maps have both key and value items

If a map end (Break byte) occurs before we've read the concrete item for
the value, then the map is invalid.

Fixes intel#167

Signed-off-by: Thiago Macieira <thiago.macieira@intel.com>
thiagomacieira pushed a commit to thiagomacieira/tinycbor that referenced this issue Oct 15, 2019
Update docs for 0.5 (Travis build 293)
fa5ba3b 
Matching commit 7484726:
Parser: validate that maps have both key and value items

If a map end (Break byte) occurs before we've read the concrete item for
the value, then the map is invalid.

Fixes intel#167

Signed-off-by: Thiago Macieira <thiago.macieira@intel.com>
thiagomacieira added a commit to thiagomacieira/tinycbor that referenced this issue Oct 15, 2019
@thiagomacieira
Parser: validate that maps have both key and value items
0857361 
If a map end (Break byte) occurs before we've read the concrete item for
the value, then the map is invalid.

Fixes intel#167

Signed-off-by: Thiago Macieira <thiago.macieira@intel.com>
thiagomacieira pushed a commit to thiagomacieira/tinycbor that referenced this issue Oct 15, 2019
Update docs for 0.5 (Travis build 294)
c22868c 
Matching commit 0857361:
Parser: validate that maps have both key and value items

If a map end (Break byte) occurs before we've read the concrete item for
the value, then the map is invalid.

Fixes intel#167

Signed-off-by: Thiago Macieira <thiago.macieira@intel.com>
thiagomacieira added a commit to thiagomacieira/tinycbor that referenced this issue Oct 15, 2019
@thiagomacieira
Parser: validate that maps have both key and value items
f8a1c94 
If a map end (Break byte) occurs before we've read the concrete item for
the value, then the map is invalid.

Fixes intel#167

Signed-off-by: Thiago Macieira <thiago.macieira@intel.com>
thiagomacieira pushed a commit to thiagomacieira/tinycbor that referenced this issue Oct 15, 2019
Update docs for 0.5 (Travis build 295)
2ac70fe 
Matching commit f8a1c94:
Parser: validate that maps have both key and value items

If a map end (Break byte) occurs before we've read the concrete item for
the value, then the map is invalid.

Fixes intel#167

Signed-off-by: Thiago Macieira <thiago.macieira@intel.com>
thiagomacieira pushed a commit to thiagomacieira/tinycbor that referenced this issue Oct 15, 2019
Update docs for 0.5 (Travis build 295)
ac27f13 
Matching commit f8a1c94:
Parser: validate that maps have both key and value items

If a map end (Break byte) occurs before we've read the concrete item for
the value, then the map is invalid.

Fixes intel#167

Signed-off-by: Thiago Macieira <thiago.macieira@intel.com>
thiagomacieira pushed a commit to thiagomacieira/tinycbor that referenced this issue Oct 15, 2019
Update docs for 0.5 (Travis build 295)
8856942 
Matching commit f8a1c94:
Parser: validate that maps have both key and value items

If a map end (Break byte) occurs before we've read the concrete item for
the value, then the map is invalid.

Fixes intel#167

Signed-off-by: Thiago Macieira <thiago.macieira@intel.com>
thiagomacieira pushed a commit to thiagomacieira/tinycbor that referenced this issue Oct 15, 2019
Update docs for 0.5 (Travis build 295)
6099e2b 
Matching commit f8a1c94:
Parser: validate that maps have both key and value items

If a map end (Break byte) occurs before we've read the concrete item for
the value, then the map is invalid.

Fixes intel#167

Signed-off-by: Thiago Macieira <thiago.macieira@intel.com>
thiagomacieira pushed a commit to thiagomacieira/tinycbor that referenced this issue Oct 15, 2019
Update docs for 0.5 (Travis build 295)
2bd380c 
Matching commit f8a1c94:
Parser: validate that maps have both key and value items

If a map end (Break byte) occurs before we've read the concrete item for
the value, then the map is invalid.

Fixes intel#167

Signed-off-by: Thiago Macieira <thiago.macieira@intel.com>
@thiagomacieira thiagomacieira mentioned this issue Oct 15, 2019
Merged
thiagomacieira added a commit that referenced this issue Oct 22, 2019
@thiagomacieira
Parser: validate that maps have both key and value items
755f9ef 
If a map end (Break byte) occurs before we've read the concrete item for
the value, then the map is invalid.

Fixes #167

Signed-off-by: Thiago Macieira <thiago.macieira@intel.com>
thiagomacieira pushed a commit that referenced this issue Oct 22, 2019
Update docs for 0.5 (Travis build 209)
2f778b6 
Matching commit 755f9ef:
Parser: validate that maps have both key and value items

If a map end (Break byte) occurs before we've read the concrete item for
the value, then the map is invalid.

Fixes #167

Signed-off-by: Thiago Macieira <thiago.macieira@intel.com>
thiagomacieira pushed a commit that referenced this issue Oct 22, 2019
Update docs for 0.5 (Travis build 209)
637ec6a 
Matching commit 755f9ef:
Parser: validate that maps have both key and value items

If a map end (Break byte) occurs before we've read the concrete item for
the value, then the map is invalid.

Fixes #167

Signed-off-by: Thiago Macieira <thiago.macieira@intel.com>
thiagomacieira pushed a commit that referenced this issue Oct 22, 2019
Update docs for 0.5 (Travis build 209)
7d74ee4 
Matching commit 755f9ef:
Parser: validate that maps have both key and value items

If a map end (Break byte) occurs before we've read the concrete item for
the value, then the map is invalid.

Fixes #167

Signed-off-by: Thiago Macieira <thiago.macieira@intel.com>
thiagomacieira pushed a commit that referenced this issue Oct 22, 2019
Update docs for 0.5 (Travis build 209)
6a7f448 
Matching commit 755f9ef:
Parser: validate that maps have both key and value items

If a map end (Break byte) occurs before we've read the concrete item for
the value, then the map is invalid.

Fixes #167

Signed-off-by: Thiago Macieira <thiago.macieira@intel.com>
thiagomacieira pushed a commit that referenced this issue Oct 22, 2019
Update docs for 0.5 (Travis build 209)
e46715c 
Matching commit 755f9ef:
Parser: validate that maps have both key and value items

If a map end (Break byte) occurs before we've read the concrete item for
the value, then the map is invalid.

Fixes #167

Signed-off-by: Thiago Macieira <thiago.macieira@intel.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@thiagomacieira thiagomacieira

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Parser: validate that maps have both key and value items thiagomacieira/tinycbor
2 participants
@thiagomacieira @TSonono