From c4a1aa48786f27c81d2ed5025679dbcada90da2b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Henrik=20Grubbstr=C3=B6m=20=28Grubba=29?=
 <grubba@grubba.org>
Date: Wed, 8 Dec 2021 11:25:28 +0100
Subject: [PATCH] Standards.ASN1.Decode: Set error mode on Stdio.Buffer.

Throw errors on buffer underflow.

Thanks to Joshua Rogers for the report and test vectors.

Fixes #10075.
---
 lib/modules/Standards.pmod/ASN1.pmod/Decode.pmod  | 3 ++-
 lib/modules/Standards.pmod/ASN1.pmod/testsuite.in | 4 ++++
 2 files changed, 6 insertions(+), 1 deletion(-)

diff --git a/lib/modules/Standards.pmod/ASN1.pmod/Decode.pmod b/lib/modules/Standards.pmod/ASN1.pmod/Decode.pmod
index 520ef2e708..facee2721a 100644
--- a/lib/modules/Standards.pmod/ASN1.pmod/Decode.pmod
+++ b/lib/modules/Standards.pmod/ASN1.pmod/Decode.pmod
@@ -109,6 +109,7 @@ protected array(int) read_identifier(Stdio.Buffer data)
       ({"universal","application","context","private"})[cls], const, tag, len);
 
   data = [object(Stdio.Buffer)]data->read_buffer(len);
+  data->set_error_mode(1);
 
   program(.Types.Object) p = types[ .Types.make_combined_tag(cls, tag) ];
 
@@ -230,7 +231,7 @@ mapping(int:program(.Types.Object)) universal_types =
 				mapping(int:program(.Types.Object))|void types)
 {
   types = types ? universal_types+types : universal_types;
-  Stdio.Buffer buf = Stdio.Buffer(data);
+  Stdio.Buffer buf = Stdio.Buffer(data)->set_error_mode(1);
   .Types.Object ret = der_decode(buf, types);
   if( sizeof(buf) ) return 0;
   return ret;
diff --git a/lib/modules/Standards.pmod/ASN1.pmod/testsuite.in b/lib/modules/Standards.pmod/ASN1.pmod/testsuite.in
index 76e6a100f2..bf363493db 100644
--- a/lib/modules/Standards.pmod/ASN1.pmod/testsuite.in
+++ b/lib/modules/Standards.pmod/ASN1.pmod/testsuite.in
@@ -3,6 +3,10 @@ START_MARKER
 test_do( add_constant("Types", Standards.ASN1.Types); )
 
 test_eval_error(Standards.ASN1.Decode.simple_der_decode(""))
+test_eval_error(Standards.ASN1.Decode.secure_der_decode(""))
+
+test_eval_error(Standards.ASN1.Decode.simple_der_decode(String.hex2string("a2184515521e4c5d26f05590543c696ca2bd04b7754a18107d7f62744fbcb3a52ee80de3dca53339c3f6b2196afe3c540adfeb92686029f2")))
+test_eval_error(Standards.ASN1.Decode.secure_der_decode(String.hex2string("a2184515521e4c5d26f05590543c696ca2bd04b7754a18107d7f62744fbcb3a52ee80de3dca53339c3f6b2196afe3c540adfeb92686029f2")))
 
 define(test_decode,[[
   test_eq(sprintf("%O",Standards.ASN1.Decode.simple_der_decode(String.hex2string($1-" ")))-"Standards.ASN1.",$2)
-- 
GitLab