Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

correctly handle non-byte-aligned BIT STRING length #135

Merged
merged 2 commits into from
Aug 4, 2023

Conversation

benmaddison
Copy link
Contributor

Fixes #134

src/ber/de.rs Outdated
Comment on lines 271 to 277
// TODO:
// Using `saturating_sub` here ensures that the `flip1` test passes,
// but returning an error on an overflow is probably more correct,
// at least for DER.
// Need to consult the spec...
let bit_length = string.len().saturating_sub(bits as usize);
string.truncate(bit_length);
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'd switch this to checked_sub and then return an error, I'm pretty sure the spec doesn't cover what you should do here

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I've taken a look at X.690 again:
The only way that we can get an overflow here is if string.len() == 0 && bits > 0, meaning the BIT STRING was empty but the unused bits octet was non-zero.
Thus clause 8.6.2.3 applies, and the right thing to do is error.
Will do this now...

@XAMPPRocky
Copy link
Collaborator

Thank you for your PR, and congrats on your first contribution! 🎉

@XAMPPRocky XAMPPRocky merged commit 20434b9 into librasn:main Aug 4, 2023
68 checks passed
@github-actions github-actions bot mentioned this pull request Aug 4, 2023
@benmaddison benmaddison deleted the bit-string-length branch August 4, 2023 19:15
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

DER encoded BIT STRING produces BitString with incorrect length
2 participants