Fix Potential ASN1 Buffer Overflows in EnterContainer() and DecodeHead() #19549

emargolis
Contributor

Problem

described in detail in #19335

Change overview

fixed

Testing

existing tests

turon previously approved these changes Jun 14, 2022
src/lib/asn1/ASN1Reader.cpp (outdated, resolved)
@turon dismissed their stale review June 14, 2022 00:33

Meant to comment only at this juncture

@emargolis force-pushed the emargolis/feature/asn1-buffer-overflow branch from 554850d to 4b6cf5e June 14, 2022 00:42
github-actions bot commented Jun 14, 2022

PR #19549: Size comparison from 8cbfd2f to 4b6cf5e

Increases (41 builds for cc13x2_26x2, cyw30739, efr32, esp32, k32w, linux, mbed, nrfconnect, p6, telink)

| platform | target | config | section | 8cbfd2f | 4b6cf5e | change | % change |
|---|---|---|---|---|---|---|---|
| cc13x2_26x2 | all-clusters-app | LP_CC2652R7 | (read only) | 658927 | 658951 | 24 | 0.0 |
| | | | .text | 571592 | 571616 | 24 | 0.0 |
| | all-clusters-minimal-app | LP_CC2652R7 | (read only) | 645459 | 645483 | 24 | 0.0 |
| | | | .text | 555104 | 555128 | 24 | 0.0 |
| | lock-ftd | LP_CC2652R7 | (read only) | 688323 | 688347 | 24 | 0.0 |
| | | | .text | 588980 | 589004 | 24 | 0.0 |
| | lock-mtd | LP_CC2652R7 | (read only) | 637739 | 637763 | 24 | 0.0 |
| | | | .text | 538508 | 538532 | 24 | 0.0 |
| | pump-app | LP_CC2652R7 | (read only) | 669723 | 669747 | 24 | 0.0 |
| | | | .text | 582260 | 582284 | 24 | 0.0 |
| | pump-controller-app | LP_CC2652R7 | (read only) | 660279 | 660303 | 24 | 0.0 |
| | | | .text | 574916 | 574940 | 24 | 0.0 |
| | shell | LP_CC2652R7 | (read only) | 689070 | 689094 | 24 | 0.0 |
| | | | .text | 578664 | 578688 | 24 | 0.0 |
| cyw30739 | light | cyw930739m2evb_01 | (read/write) | 607170 | 607194 | 24 | 0.0 |
| | | | .app_xip_area | 465668 | 465692 | 24 | 0.0 |
| | lock | cyw930739m2evb_01 | (read/write) | 604286 | 604310 | 24 | 0.0 |
| | | | .app_xip_area | 462640 | 462664 | 24 | 0.0 |
| | ota-requestor-no-progress-logging | cyw930739m2evb_01 | (read/write) | 612006 | 612030 | 24 | 0.0 |
| | | | .app_xip_area | 471432 | 471456 | 24 | 0.0 |
| efr32 | lighting-app | BRD4161A | (read only) | 920296 | 920376 | 80 | 0.0 |
| | | | .text | 920288 | 920368 | 80 | 0.0 |
| | | BRD4161A+rpc | (read only) | 955960 | 956040 | 80 | 0.0 |
| | | | .text | 955952 | 956032 | 80 | 0.0 |
| | | BRD4161A+rs911x | (read only) | 795420 | 795500 | 80 | 0.0 |
| | | | .text | 795412 | 795492 | 80 | 0.0 |
| | lock-app | BRD4161A+wf200 | (read only) | 963396 | 963412 | 16 | 0.0 |
| | | | .text | 963388 | 963404 | 16 | 0.0 |
| | window-app | BRD4161A | (read only) | 905192 | 905272 | 80 | 0.0 |
| | | | .text | 905184 | 905264 | 80 | 0.0 |
| esp32 | all-clusters-app | c3devkit | (read only) | 1013596 | 1013618 | 22 | 0.0 |
| | | | .flash.text | 1013596 | 1013618 | 22 | 0.0 |
| | | m5stack | (read only) | 1067871 | 1067895 | 24 | 0.0 |
| | | | .flash.text | 1062487 | 1062511 | 24 | 0.0 |
| k32w | light | k32w061+release | (read/write) | 658120 | 658136 | 16 | 0.0 |
| | | | .text | 580544 | 580560 | 16 | 0.0 |
| | lock | k32w061+release | (read/write) | 719740 | 719756 | 16 | 0.0 |
| | | | .text | 641760 | 641776 | 16 | 0.0 |
| linux | all-clusters-app | debug | (read only) | 2925345 | 2925601 | 256 | 0.0 |
| | | | .text | 2491490 | 2491746 | 256 | 0.0 |
| | all-clusters-minimal-app | debug | (read only) | 2770761 | 2771033 | 272 | 0.0 |
| | | | .text | 2339026 | 2339298 | 272 | 0.0 |
| | bridge-app | debug+rpc | (read only) | 2250161 | 2250433 | 272 | 0.0 |
| | | | .text | 1899106 | 1899378 | 272 | 0.0 |
| | chip-tool | debug | (read only) | 9817845 | 9818101 | 256 | 0.0 |
| | | | .text | 7870421 | 7870677 | 256 | 0.0 |
| | chip-tool-no-interactive-ipv6only | arm64 | (read only) | 9565452 | 9565724 | 272 | 0.0 |
| | | | .text | 7520548 | 7520820 | 272 | 0.0 |
| | lighting-app | debug+rpc | (read only) | 2506905 | 2507161 | 256 | 0.0 |
| | | | .text | 2130898 | 2131154 | 256 | 0.0 |
| | lock-app | debug | (read only) | 2445593 | 2445849 | 256 | 0.0 |
| | | | .text | 2061202 | 2061458 | 256 | 0.0 |
| | ota-provider-app | debug | (read only) | 2284161 | 2284417 | 256 | 0.0 |
| | | | .text | 1925602 | 1925858 | 256 | 0.0 |
| | ota-requestor-app | debug | (read only) | 2331721 | 2331977 | 256 | 0.0 |
| | | | .text | 1967138 | 1967394 | 256 | 0.0 |
| | shell | debug | (read only) | 2606457 | 2606713 | 256 | 0.0 |
| | | | .text | 2217330 | 2217586 | 256 | 0.0 |
| | thermostat-no-ble | arm64 | (read only) | 2559588 | 2559860 | 272 | 0.0 |
| | | | .text | 2160560 | 2160832 | 272 | 0.0 |
| | tv-app | debug | (read only) | 3053609 | 3053865 | 256 | 0.0 |
| | | | .text | 2625106 | 2625362 | 256 | 0.0 |
| | tv-casting-app | debug | (read only) | 5351545 | 5351817 | 272 | 0.0 |
| | | | .text | 4657906 | 4658178 | 272 | 0.0 |
| mbed | lock-app | CY8CPROTO_062_4343W+release | (read/write) | 2434592 | 2434656 | 64 | 0.0 |
| | | | .text | 1397236 | 1397300 | 64 | 0.0 |
| nrfconnect | all-clusters-app | nrf52840dk_nrf52840 | (read/write) | 1198923 | 1198939 | 16 | 0.0 |
| | | | text | 822252 | 822276 | 24 | 0.0 |
| | all-clusters-minimal-app | nrf52840dk_nrf52840 | (read/write) | 1144139 | 1144155 | 16 | 0.0 |
| | | | text | 792572 | 792596 | 24 | 0.0 |
| p6 | all-clusters-app | default | (read/write) | 2552712 | 2552792 | 80 | 0.0 |
| | | | .text | 1510976 | 1511056 | 80 | 0.0 |
| | all-clusters-minimal-app | default | (read/write) | 2495184 | 2495264 | 80 | 0.0 |
| | | | .text | 1453448 | 1453528 | 80 | 0.0 |
| | light-app | default | (read/write) | 2426568 | 2426648 | 80 | 0.0 |
| | | | .text | 1384832 | 1384912 | 80 | 0.0 |
| | lock-app | default | (read/write) | 2446976 | 2447056 | 80 | 0.0 |
| | | | .text | 1405240 | 1405320 | 80 | 0.0 |
| telink | light-switch-app | tlsr9518adk80d | (read/write) | 787588 | 787620 | 32 | 0.0 |
| | | | text | 557504 | 557534 | 30 | 0.0 |
| | lighting-app | tlsr9518adk80d | (read/write) | 807576 | 807600 | 24 | 0.0 |
| | | | text | 574196 | 574224 | 28 | 0.0 |

Decreases (5 builds for cc13x2_26x2)

| platform | target | config | section | 8cbfd2f | 4b6cf5e | change | % change |
|---|---|---|---|---|---|---|---|
| cc13x2_26x2 | all-clusters-app | LP_CC2652R7 | (read/write) | 191960 | 191936 | -24 | -0.0 |
| | lock-ftd | LP_CC2652R7 | (read/write) | 153636 | 153612 | -24 | -0.0 |
| | pump-app | LP_CC2652R7 | (read/write) | 173148 | 173124 | -24 | -0.0 |
| | pump-controller-app | LP_CC2652R7 | (read/write) | 182696 | 182672 | -24 | -0.0 |
| | shell | LP_CC2652R7 | (read/write) | 157312 | 157288 | -24 | -0.0 |


@bzbarsky-apple merged commit 9493d7b into project-chip:master Jun 14, 2022
@emargolis mentioned this pull request Jun 16, 2022