[svn] ksba - r238 - in trunk: . src
svn author wk
cvs at cvs.gnupg.org
Thu May 11 13:18:15 CEST 2006
Author: wk
Date: 2006-05-11 13:18:14 +0200 (Thu, 11 May 2006)
New Revision: 238
Modified:
trunk/ChangeLog
trunk/configure.ac
trunk/src/ChangeLog
trunk/src/ber-decoder.c
trunk/src/ber-help.c
Log:
Hack for Siemens CA certificates
(and others with some trailing garbage)
Modified: trunk/ChangeLog
===================================================================
--- trunk/ChangeLog 2006-05-10 10:01:39 UTC (rev 237)
+++ trunk/ChangeLog 2006-05-11 11:18:14 UTC (rev 238)
@@ -1,3 +1,7 @@
+2006-05-11 Werner Koch <wk at g10code.com>
+
+ * configure.ac: Use -Wno-pointer-sign
+
2005-11-24 Werner Koch <wk at g10code.com>
Released 0.9.13.
Modified: trunk/configure.ac
===================================================================
--- trunk/configure.ac 2006-05-10 10:01:39 UTC (rev 237)
+++ trunk/configure.ac 2006-05-11 11:18:14 UTC (rev 238)
@@ -84,6 +84,17 @@
if test "$GCC" = yes; then
CFLAGS="$CFLAGS -Wall -Wcast-align -Wshadow -Wstrict-prototypes"
+
+ AC_MSG_CHECKING([if gcc supports -Wno-pointer-sign])
+ _gcc_cflags_save=$CFLAGS
+ CFLAGS="-Wno-pointer-sign"
+ AC_COMPILE_IFELSE(AC_LANG_PROGRAM([]),_gcc_psign=yes,_gcc_psign=no)
+ AC_MSG_RESULT($_gcc_psign)
+ CFLAGS=$_gcc_cflags_save;
+ if test x"$_gcc_psign" = xyes ; then
+ CFLAGS="$CFLAGS -Wno-pointer-sign"
+ fi
+
fi
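Review bot: The probe compiles with `CFLAGS="-Wno-pointer-sign"`, but GCC releases that silently accept unknown `-Wno-*` options let this test pass whether or not the warning exists. Probing the positive form, `CFLAGS="-Wpointer-sign"`, and still appending `-Wno-pointer-sign` on success is more reliable. The inner macro should also be quoted: `AC_COMPILE_IFELSE([AC_LANG_PROGRAM([])],_gcc_psign=yes,_gcc_psign=no)`. Because the switch silences signed/unsigned pointer mismatches for the whole tree, including the BER parsing code, a comment above the check saying why that is acceptable would help later audits.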
Modified: trunk/src/ChangeLog
===================================================================
--- trunk/src/ChangeLog 2006-05-10 10:01:39 UTC (rev 237)
+++ trunk/src/ChangeLog 2006-05-11 11:18:14 UTC (rev 238)
@@ -1,3 +1,12 @@
+2006-05-11 Werner Koch <wk at g10code.com>
+
+ * ber-decoder.c (decoder_next): Print error description returned
+ from BER reader in debug mode.
+ (struct ber_decoder_s): New fields OUTER_SEQUENCE_LENGTH,
+ IGNORE_GARBAGE and FIRST_TAG_SEEN.
+ (decoder_next): Implement hack for the Siemens CA to ignore a
+ trailing byte.
+
2006-05-03 Werner Koch <wk at g10code.com>
* ber-decoder.c (decoder_next): Zero out NODE.
Modified: trunk/src/ber-decoder.c
===================================================================
--- trunk/src/ber-decoder.c 2006-05-10 10:01:39 UTC (rev 237)
+++ trunk/src/ber-decoder.c 2006-05-11 11:18:14 UTC (rev 238)
@@ -53,7 +53,9 @@
typedef struct decoder_state_s *DECODER_STATE;
-struct ber_decoder_s {
+/* Context for a decoder. */
+struct ber_decoder_s
+{
AsnNode module; /* the ASN.1 structure */
ksba_reader_t reader;
const char *last_errdesc; /* string with the error description */
@@ -61,15 +63,30 @@
AsnNode root; /* of the expanded parse tree */
DECODER_STATE ds;
int bypass;
+
+ /* Because some certificates actually come with trailing garbage, we
+ use a hack to ignore this garbage. This hack is enabled for data
+ starting with a fixed length sequence and this variable takes the
+ length of this sequence. If it is 0, the hack is not
+ acticated. */
+ unsigned long outer_sequence_length;
+ int ignore_garbage; /* Set to indicate that garpage should be
+ ignored. */
+
+ int first_tag_seen; /* Indicates whether the first tag of a decoder
+ run has been read. */
+
int honor_module_end;
int debug;
int use_image;
- struct {
+ struct
+ {
unsigned char *buf;
size_t used;
size_t length;
} image;
- struct {
+ struct
+ {
int primitive; /* current value is a primitive one */
int length; /* length of the primitive one */
int nhdr; /* length of the header */
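Review bot: The comments on the new fields contain typos (`acticated`, `garpage`) and do not say whether `outer_sequence_length` counts the sequence header or only its content, which is what a reader needs to check the later comparison against `nread`. I would write `If it is 0, the hack is not activated.` and `Set to indicate that garbage should be ignored.`, and add one sentence stating which bytes the length covers. The struct continues beyond the end of this hunk.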
@@ -758,6 +775,20 @@
err = _ksba_ber_read_tl (d->reader, &ti);
if (err)
{
+ if (debug)
+ fprintf (stderr, "ber_read_tl error: %s (%s)\n",
+ gpg_strerror (err), ti.err_string? ti.err_string:"");
+ /* This is our actual hack to cope with some trailing garbage:
+ Only if we get an premature EOF and we know that we have read
+ the complete certificate we change the error to EOF. This
+ won't help with all kinds of garbage but it fixes the case
+ where just one byte is appended. This is for example the
+ case with current Siemens certificates. This approach seems
+ to be the least intrusive one. */
+ if (gpg_err_code (err) == GPG_ERR_BAD_BER
+ && d->ignore_garbage
+ && ti.err_string && !strcmp (ti.err_string, "premature EOF"))
+ err = gpg_error (GPG_ERR_EOF);
return err;
}
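Review bot: The garbage check keys on the text of the message, `!strcmp (ti.err_string, "premature EOF")`, so rewording the string in `premature_eof()` in ber-help.c silently disables the hack, and any other path that sets the same text silently enables it. The comment added in ber-help.c is the only guard. A definition shared by both files, e.g. `#define BER_ERRSTR_PREMATURE_EOF "premature EOF"` (the name is a suggestion), or a dedicated flag in `struct tag_info`, would make the coupling explicit and compiler-checked. Once the error is rewritten to `GPG_ERR_EOF`, the caller cannot tell a truncated trailing element from a clean end of input, so the comment should say that this EOF is not evidence of a well-formed encoding. decoder_next starts and ends outside this hunk.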
@@ -768,6 +799,15 @@
fprintf (stderr, ">\n");
}
+ /* Check whether the trailing garbage hack is required. */
+ if (!d->first_tag_seen)
+ {
+ d->first_tag_seen = 1;
+ if (ti.tag == TYPE_SEQUENCE && ti.length && !ti.ndef)
+ d->outer_sequence_length = ti.length;
+ }
+
+ /* Store stuff in the image buffer. */
if (d->use_image)
{
if (!d->image.buf)
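Review bot: The outer-sequence test `if (ti.tag == TYPE_SEQUENCE && ti.length && !ti.ndef)` looks only at the tag number, so a first element of another tag class that carries the same number also arms the trailing-garbage hack. Requiring a constructed, universal-class tag limits it to the case the comment describes, e.g. `if (ti.class == CLASS_UNIVERSAL && ti.is_constructed && ti.tag == TYPE_SEQUENCE && ti.length && !ti.ndef)`. The class field and constant are assumed here and should be checked against the `tag_info` declaration. The enclosing function continues outside the hunk.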
@@ -856,6 +896,14 @@
ds->idx? ds->stack[ds->idx-1].length:-1,
ds->cur.nread,
ti.is_constructed? "con":"pri");
+ if (d->outer_sequence_length
+ && ds->idx == 1
+ && ds->cur.nread == d->outer_sequence_length)
+ {
+ if (debug)
+ fprintf (stderr, " Need to stop now\n");
+ d->ignore_garbage = 1;
+ }
if ( ds->idx
&& !ds->stack[ds->idx-1].ndef_length
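Review bot: `d->ignore_garbage = 1` is set here, but none of the hunks in this commit clears it, nor `first_tag_seen` or `outer_sequence_length`. If a decoder context is ever used for a second object, the stale values would turn a truncated encoding into a clean EOF. Assuming the reset is not done elsewhere, clear all three where a decoder run starts: `d->outer_sequence_length = 0; d->ignore_garbage = 0; d->first_tag_seen = 0;`. The comparison `ds->cur.nread == d->outer_sequence_length` also compares an `unsigned long` with a counter whose type is not visible here, so a matching type or an explicit cast would make the intent clear. The enclosing function starts and ends outside this hunk.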
Modified: trunk/src/ber-help.c
===================================================================
--- trunk/src/ber-help.c 2006-05-10 10:01:39 UTC (rev 237)
+++ trunk/src/ber-help.c 2006-05-11 11:18:14 UTC (rev 238)
@@ -49,6 +49,7 @@
static int
premature_eof (struct tag_info *ti)
{
+ /* Note: We do an strcmp on this string at othyer places. */
ti->err_string = "premature EOF";
return gpg_error (GPG_ERR_BAD_BER);
}