-
Notifications
You must be signed in to change notification settings - Fork 43
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
libember: Segfault while decoding -0.0 #120
Comments
Thank you very much for reporting these issues. The changes merged in PR #121 should comprehensively address both aspects of the issue. Please report back if you discover further issues with proposed solution. |
The fix added the encoding for -0.0 but didn't change the according length to 1. So the check from ember-plus/libember/Headers/ember/ber/traits/Real.hpp Lines 67 to 68 in e6d97fd
ember-plus/libember/Headers/ember/ber/traits/Real.hpp Lines 105 to 109 in e6d97fd
The decoding worked and the length check also prevented the segfault. The exception message Also note:
|
Good catch, thank you! Fixes libemeber_slim and the EmberPlus Viewer are also necessary, but will be treated with slightly lower priority, as they don't lead to crashes in software using the library. |
libember
Currently the special encoding of -0.0 as described in X.690 (Ch 8.5.9 1 byte, value 0x43) is not handled in libember (and libember-slim) for encoding and decoding and leads to a segmentation fault while decoding as the input length is not checked and the head of the empty stream buffer (which is 0) is dereferenced.
ember-plus/libember/Headers/ember/ber/traits/Real.hpp
Line 179 in 678838b
calls
ember-plus/libember/Headers/ember/ber/traits/Integral.hpp
Line 125 in 678838b
with an empty input and segfaults at
ember-plus/libember/Headers/ember/util/StreamBuffer.hpp
Line 429 in 678838b
while dereferencing m_head (nullptr).
C#
In C# the encoding ist defined https://github.com/Lawo/ember-plus-sharp/blob/1a1c2387c90288b8bae311f318b183659e22c1de/Lawo.EmberPlusSharp/Ember/EmberWriter.cs#L363 , so there is a good chance that a C# client will crash a C++ (libember) server.
The current encoding of -0.0 in C++ (libember) will lead to the C# exception https://github.com/Lawo/ember-plus-sharp/blob/1a1c2387c90288b8bae311f318b183659e22c1de/Lawo.EmberPlusSharp/Ember/EmberReader.cs#L563 .
libember_slim
In libember_slim -0.0 will be decoded as NAN
ember-plus/libember_slim/Source/ber.c
Line 734 in 678838b
needed fixes
So en/decoding of -0.0 should be handled (libember / libember_slim), but I'm not sure if -0.0 is really needed or if it shouldn't be silently converted to 0.0 to avoid crashing applications using the current lib. If the silent conversion approach is taken than it probably should also be taken in C#.
Length should be checked to avoid the segfault, as the standard might be enhanced in the future.
StreamBuffer::front should probably always check that m_head is not nullptr and throw an exception if it is, to avoid future segmentation faults where the assumptions while using it don't apply.
The text was updated successfully, but these errors were encountered: