LCOV - code coverage report
Current view: top level - src - ber-decoder.c (source / functions) Hit Total Coverage
Test: coverage.info Lines: 0 632 0.0 %
Date: 2016-12-15 12:55:14 Functions: 0 30 0.0 %

          Line data    Source code
       1             : /* ber-decoder.c - Basic Encoding Rules Decoder
       2             :  * Copyright (C) 2001, 2004, 2006, 2012, 2015 g10 Code GmbH
       3             :  *
       4             :  * This file is part of KSBA.
       5             :  *
       6             :  * KSBA is free software; you can redistribute it and/or modify
       7             :  * it under the terms of either
       8             :  *
       9             :  *   - the GNU Lesser General Public License as published by the Free
      10             :  *     Software Foundation; either version 3 of the License, or (at
      11             :  *     your option) any later version.
      12             :  *
      13             :  * or
      14             :  *
      15             :  *   - the GNU General Public License as published by the Free
      16             :  *     Software Foundation; either version 2 of the License, or (at
      17             :  *     your option) any later version.
      18             :  *
      19             :  * or both in parallel, as here.
      20             :  *
      21             :  * KSBA is distributed in the hope that it will be useful, but WITHOUT
      22             :  * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
      23             :  * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public
      24             :  * License for more details.
      25             :  *
      26             :  * You should have received a copies of the GNU General Public License
      27             :  * and the GNU Lesser General Public License along with this program;
      28             :  * if not, see <http://www.gnu.org/licenses/>.
      29             :  */
      30             : 
      31             : #include <config.h>
      32             : #include <stdio.h>
      33             : #include <stdlib.h>
      34             : #include <string.h>
      35             : #include <assert.h>
      36             : #include "util.h"
      37             : 
      38             : #include "util.h"
      39             : #include "ksba.h"
      40             : #include "asn1-func.h"
      41             : #include "ber-decoder.h"
      42             : #include "ber-help.h"
      43             : 
      44             : 
      45             : /* The maximum length we allow for an image, that is for a BER encoded
      46             :  * object.  */
      47             : #define MAX_IMAGE_LENGTH (16 * 1024 * 1024)
      48             : 
      49             : 
      50             : struct decoder_state_item_s {
      51             :   AsnNode node;
      52             :   int went_up;
      53             :   int in_seq_of;
      54             :   int in_any;    /* actually in a constructed any */
      55             :   int again;
      56             :   int next_tag;
      57             :   int length;  /* length of the value */
      58             :   int ndef_length; /* the length is of indefinite length */
      59             :   int nread;   /* number of value bytes processed */
      60             : };
      61             : typedef struct decoder_state_item_s DECODER_STATE_ITEM;
      62             : 
      63             : struct decoder_state_s {
      64             :   DECODER_STATE_ITEM cur;     /* current state */
      65             :   int stacksize;
      66             :   int idx;
      67             :   DECODER_STATE_ITEM stack[1];
      68             : };
      69             : typedef struct decoder_state_s *DECODER_STATE;
      70             : 
      71             : 
      72             : /* Context for a decoder. */
      73             : struct ber_decoder_s
      74             : {
      75             :   AsnNode module;    /* the ASN.1 structure */
      76             :   ksba_reader_t reader;
      77             :   const char *last_errdesc; /* string with the error description */
      78             :   int non_der;    /* set if the encoding is not DER conform */
      79             :   AsnNode root;   /* of the expanded parse tree */
      80             :   DECODER_STATE ds;
      81             :   int bypass;
      82             : 
      83             :   /* Because some certificates actually come with trailing garbage, we
      84             :      use a hack to ignore this garbage.  This hack is enabled for data
      85             :      starting with a fixed length sequence and this variable takes the
      86             :      length of this sequence.  If it is 0, the hack is not
      87             :      activated. */
      88             :   unsigned long outer_sequence_length;
      89             :   int ignore_garbage;  /* Set to indicate that garbage should be
      90             :                           ignored. */
      91             :   int fast_stop;       /* Yet another hack.  */
      92             : 
      93             :   int first_tag_seen;  /* Indicates whether the first tag of a decoder
      94             :                           run has been read. */
      95             : 
      96             :   int honor_module_end;
      97             :   int debug;
      98             :   int use_image;
      99             :   struct
     100             :   {
     101             :     unsigned char *buf;
     102             :     size_t used;
     103             :     size_t length;
     104             :   } image;
     105             :   struct
     106             :   {
     107             :     int primitive;  /* current value is a primitive one */
     108             :     size_t length;  /* length of the primitive one */
     109             :     int nhdr;       /* length of the header */
     110             :     int tag;
     111             :     int is_endtag;
     112             :     AsnNode node;   /* NULL or matching node */
     113             :   } val;
     114             : };
     115             : 
     116             : 
     117             : 
     118             : /* Evaluate with overflow check:  A1 + A2 > B  */
     119             : static inline int
     120           0 : sum_a1_a2_gt_b (size_t a1, size_t a2, size_t b)
     121             : {
     122           0 :   size_t sum = a1 + a2;
     123           0 :   return (sum < a1 || sum > b);
     124             : }
     125             : 
     126             : /* Evaluate with overflow check:  A1 + A2 >= B  */
     127             : static inline int
     128           0 : sum_a1_a2_ge_b (size_t a1, size_t a2, size_t b)
     129             : {
     130           0 :   size_t sum = a1 + a2;
     131           0 :   return (sum < a1 || sum >= b);
     132             : }
     133             : 
     134             : 
     135             : 
     136             : static DECODER_STATE
     137           0 : new_decoder_state (void)
     138             : {
     139             :   DECODER_STATE ds;
     140             : 
     141           0 :   ds = xmalloc (sizeof (*ds) + 99*sizeof(DECODER_STATE_ITEM));
     142           0 :   ds->stacksize = 100;
     143           0 :   ds->idx = 0;
     144           0 :   ds->cur.node = NULL;
     145           0 :   ds->cur.went_up = 0;
     146           0 :   ds->cur.in_seq_of = 0;
     147           0 :   ds->cur.in_any = 0;
     148           0 :   ds->cur.again = 0;
     149           0 :   ds->cur.next_tag = 0;
     150           0 :   ds->cur.length = 0;
     151           0 :   ds->cur.ndef_length = 1;
     152           0 :   ds->cur.nread = 0;
     153           0 :   return ds;
     154             : }
     155             : 
     156             : static void
     157           0 : release_decoder_state (DECODER_STATE ds)
     158             : {
     159           0 :   xfree (ds);
     160           0 : }
     161             : 
     162             : static void
     163           0 : dump_decoder_state (DECODER_STATE ds)
     164             : {
     165             :   int i;
     166             : 
     167           0 :   for (i=0; i < ds->idx; i++)
     168             :     {
     169           0 :       fprintf (stderr,"  ds stack[%d] (", i);
     170           0 :       if (ds->stack[i].node)
     171           0 :         _ksba_asn_node_dump (ds->stack[i].node, stderr);
     172             :       else
     173           0 :         fprintf (stderr, "Null");
     174           0 :       fprintf (stderr,") %s%d (%d)%s\n",
     175           0 :                ds->stack[i].ndef_length? "ndef ":"",
     176             :                ds->stack[i].length,
     177             :                ds->stack[i].nread,
     178           0 :                ds->stack[i].in_seq_of? " in_seq_of":"");
     179             :     }
     180           0 : }
     181             : 
     182             : /* Push ITEM onto the stack */
     183             : static gpg_error_t
     184           0 : push_decoder_state (DECODER_STATE ds)
     185             : {
     186           0 :   if (ds->idx >= ds->stacksize)
     187             :     {
     188           0 :       fprintf (stderr, "ksba: ber-decoder: stack overflow!\n");
     189           0 :       return gpg_error (GPG_ERR_LIMIT_REACHED);
     190             :     }
     191           0 :   ds->stack[ds->idx++] = ds->cur;
     192           0 :   return 0;
     193             : }
     194             : 
     195             : static gpg_error_t
     196           0 : pop_decoder_state (DECODER_STATE ds)
     197             : {
     198           0 :   if (!ds->idx)
     199             :     {
     200           0 :       fprintf (stderr, "ksba: ber-decoder: stack underflow!\n");
     201           0 :       return gpg_error (GPG_ERR_INTERNAL);
     202             :     }
     203           0 :   ds->cur = ds->stack[--ds->idx];
     204           0 :   return 0;
     205             : }
     206             : 
     207             : 
     208             : 
     209             : static int
     210           0 : set_error (BerDecoder d, AsnNode node, const char *text)
     211             : {
     212           0 :   fprintf (stderr,"ksba: ber-decoder: node `%s': %s\n",
     213             :            node? node->name:"?", text);
     214           0 :   d->last_errdesc = text;
     215           0 :   return gpg_error (GPG_ERR_BAD_BER);
     216             : }
     217             : 
     218             : 
     219             : static int
     220           0 : eof_or_error (BerDecoder d, int premature)
     221             : {
     222             :   gpg_error_t err;
     223             : 
     224           0 :   err = ksba_reader_error (d->reader);
     225           0 :   if (err)
     226             :     {
     227           0 :       set_error (d, NULL, "read error");
     228           0 :       return err;
     229             :     }
     230           0 :   if (premature)
     231           0 :     return set_error (d, NULL, "premature EOF");
     232           0 :   return gpg_error (GPG_ERR_EOF);
     233             : }
     234             : 
     235             : static const char *
     236           0 : universal_tag_name (unsigned long no)
     237             : {
     238             :   static const char * const names[31] = {
     239             :     "[End Tag]",
     240             :     "BOOLEAN",
     241             :     "INTEGER",
     242             :     "BIT STRING",
     243             :     "OCTECT STRING",
     244             :     "NULL",
     245             :     "OBJECT IDENTIFIER",
     246             :     "ObjectDescriptor",
     247             :     "EXTERNAL",
     248             :     "REAL",
     249             :     "ENUMERATED",
     250             :     "EMBEDDED PDV",
     251             :     "UTF8String",
     252             :     "RELATIVE-OID",
     253             :     "[UNIVERSAL 14]",
     254             :     "[UNIVERSAL 15]",
     255             :     "SEQUENCE",
     256             :     "SET",
     257             :     "NumericString",
     258             :     "PrintableString",
     259             :     "TeletexString",
     260             :     "VideotexString",
     261             :     "IA5String",
     262             :     "UTCTime",
     263             :     "GeneralizedTime",
     264             :     "GraphicString",
     265             :     "VisibleString",
     266             :     "GeneralString",
     267             :     "UniversalString",
     268             :     "CHARACTER STRING",
     269             :     "BMPString"
     270             :   };
     271             : 
     272           0 :   return no < DIM(names)? names[no]:NULL;
     273             : }
     274             : 
     275             : 
     276             : static void
     277           0 : dump_tlv (const struct tag_info *ti, FILE *fp)
     278             : {
     279           0 :   const char *tagname = NULL;
     280             : 
     281           0 :   if (ti->class == CLASS_UNIVERSAL)
     282           0 :     tagname = universal_tag_name (ti->tag);
     283             : 
     284           0 :   if (tagname)
     285           0 :     fputs (tagname, fp);
     286             :   else
     287           0 :     fprintf (fp, "[%s %lu]",
     288           0 :              ti->class == CLASS_UNIVERSAL? "UNIVERSAL" :
     289           0 :              ti->class == CLASS_APPLICATION? "APPLICATION" :
     290           0 :              ti->class == CLASS_CONTEXT? "CONTEXT-SPECIFIC" : "PRIVATE",
     291             :              ti->tag);
     292           0 :   fprintf (fp, " %c hdr=%lu len=",
     293           0 :            ti->is_constructed? 'c':'p',
     294           0 :            (unsigned long)ti->nhdr);
     295           0 :   if (ti->ndef)
     296           0 :     fputs ("ndef", fp);
     297             :   else
     298           0 :     fprintf (fp, "%lu", ti->length);
     299           0 : }
     300             : 
     301             : 
     302             : static void
     303           0 : clear_help_flags (AsnNode node)
     304             : {
     305             :   AsnNode p;
     306             : 
     307           0 :   for (p=node; p; p = _ksba_asn_walk_tree (node, p))
     308             :     {
     309           0 :       if (p->type == TYPE_TAG)
     310             :         {
     311           0 :           p->flags.tag_seen = 0;
     312             :         }
     313           0 :       p->flags.skip_this = 0;
     314             :     }
     315             : 
     316           0 : }
     317             : 
     318             : static void
     319           0 : prepare_copied_tree (AsnNode node)
     320             : {
     321             :   AsnNode p;
     322             : 
     323           0 :   clear_help_flags (node);
     324           0 :   for (p=node; p; p = _ksba_asn_walk_tree (node, p))
     325           0 :     p->off = -1;
     326             : 
     327           0 : }
     328             : 
     329             : static void
     330           0 : fixup_type_any (AsnNode node)
     331             : {
     332             :   AsnNode p;
     333             : 
     334           0 :   for (p=node; p; p = _ksba_asn_walk_tree (node, p))
     335             :     {
     336           0 :       if (p->type == TYPE_ANY && p->off != -1)
     337           0 :         p->type = p->actual_type;
     338             :     }
     339           0 : }
     340             : 
     341             : 
     342             : 
     343             : BerDecoder
     344           0 : _ksba_ber_decoder_new (void)
     345             : {
     346             :   BerDecoder d;
     347             : 
     348           0 :   d = xtrycalloc (1, sizeof *d);
     349           0 :   if (!d)
     350           0 :     return NULL;
     351             : 
     352           0 :   return d;
     353             : }
     354             : 
     355             : void
     356           0 : _ksba_ber_decoder_release (BerDecoder d)
     357             : {
     358           0 :   xfree (d);
     359           0 : }
     360             : 
     361             : /**
     362             :  * _ksba_ber_decoder_set_module:
     363             :  * @d: Decoder object
     364             :  * @module: ASN.1 Parse tree
     365             :  *
     366             :  * Initialize the decoder with the ASN.1 module.  Note, that this is a
     367             :  * shallow copy of the module.  Hmmm: What about ref-counting of
     368             :  * AsnNodes?
     369             :  *
     370             :  * Return value: 0 on success or an error code
     371             :  **/
     372             : gpg_error_t
     373           0 : _ksba_ber_decoder_set_module (BerDecoder d, ksba_asn_tree_t module)
     374             : {
     375           0 :   if (!d || !module)
     376           0 :     return gpg_error (GPG_ERR_INV_VALUE);
     377           0 :   if (d->module)
     378           0 :     return gpg_error (GPG_ERR_CONFLICT); /* module already set */
     379             : 
     380           0 :   d->module = module->parse_tree;
     381           0 :   return 0;
     382             : }
     383             : 
     384             : 
     385             : gpg_error_t
     386           0 : _ksba_ber_decoder_set_reader (BerDecoder d, ksba_reader_t r)
     387             : {
     388           0 :   if (!d || !r)
     389           0 :     return gpg_error (GPG_ERR_INV_VALUE);
     390           0 :   if (d->reader)
     391           0 :     return gpg_error (GPG_ERR_CONFLICT); /* reader already set */
     392             : 
     393           0 :   d->reader = r;
     394           0 :   return 0;
     395             : }
     396             : 
     397             : 
     398             : /**********************************************
     399             :  ***********  decoding machinery  *************
     400             :  **********************************************/
     401             : 
     402             : /* Read one byte, return that byte or -1 on error or EOF. */
     403             : static int
     404           0 : read_byte (ksba_reader_t reader)
     405             : {
     406             :   unsigned char buf;
     407             :   size_t nread;
     408             :   int rc;
     409             : 
     410             :   do
     411           0 :     rc = ksba_reader_read (reader, &buf, 1, &nread);
     412           0 :   while (!rc && !nread);
     413           0 :   return rc? -1: buf;
     414             : }
     415             : 
     416             : /* Read COUNT bytes into buffer.  BUFFER may be NULL to skip over
     417             :    COUNT bytes.  Return 0 on success or -1 on error. */
     418             : static int
     419           0 : read_buffer (ksba_reader_t reader, char *buffer, size_t count)
     420             : {
     421             :   size_t nread;
     422             : 
     423           0 :   if (buffer)
     424             :     {
     425           0 :       while (count)
     426             :         {
     427           0 :           if (ksba_reader_read (reader, buffer, count, &nread))
     428           0 :             return -1;
     429           0 :           buffer += nread;
     430           0 :           count -= nread;
     431             :         }
     432             :     }
     433             :   else
     434             :     {
     435             :       char dummy[256];
     436             :       size_t n;
     437             : 
     438           0 :       while (count)
     439             :         {
     440           0 :           n = count > DIM(dummy) ? DIM(dummy): count;
     441           0 :           if (ksba_reader_read (reader, dummy, n, &nread))
     442           0 :             return -1;
     443           0 :           count -= nread;
     444             :         }
     445             :     }
     446           0 :   return 0;
     447             : }
     448             : 
     449             : /* Return 0 for no match, 1 for a match and 2 for an ANY match of an
     450             :    constructed type */
     451             : static int
     452           0 : cmp_tag (AsnNode node, const struct tag_info *ti)
     453             : {
     454           0 :   if (node->flags.class != ti->class)
     455             :     {
     456           0 :       if (node->flags.class == CLASS_UNIVERSAL && node->type == TYPE_ANY)
     457           0 :         return ti->is_constructed? 2:1;
     458           0 :       return 0;
     459             :     }
     460           0 :   if (node->type == TYPE_TAG)
     461             :     {
     462           0 :       return_val_if_fail (node->valuetype == VALTYPE_ULONG, 0);
     463           0 :       return node->value.v_ulong == ti->tag;
     464             :     }
     465           0 :   if (node->type == ti->tag)
     466           0 :     return 1;
     467           0 :   if (ti->class == CLASS_UNIVERSAL)
     468             :     {
     469           0 :       if (node->type == TYPE_SEQUENCE_OF && ti->tag == TYPE_SEQUENCE)
     470           0 :         return 1;
     471           0 :       if (node->type == TYPE_SET_OF && ti->tag == TYPE_SET)
     472           0 :         return 1;
     473           0 :       if (node->type == TYPE_ANY)
     474           0 :         return _ksba_asn_is_primitive (ti->tag)? 1:2;
     475             :     }
     476             : 
     477           0 :   return 0;
     478             : }
     479             : 
     480             : /* Find the node in the tree ROOT corresponding to TI and return that
     481             :    node.  Returns NULL if the node was not found */
     482             : static AsnNode
     483           0 : find_anchor_node (AsnNode root, const struct tag_info *ti)
     484             : {
     485           0 :   AsnNode node = root;
     486             : 
     487           0 :   while (node)
     488             :     {
     489           0 :       if (cmp_tag (node, ti))
     490             :         {
     491           0 :           return node; /* found */
     492             :         }
     493             : 
     494           0 :       if (node->down)
     495           0 :         node = node->down;
     496           0 :       else if (node == root)
     497           0 :         return NULL; /* not found */
     498           0 :       else if (node->right)
     499           0 :         node = node->right;
     500             :       else
     501             :         { /* go up and right */
     502             :           do
     503             :             {
     504           0 :               while (node->left && node->left->right == node)
     505           0 :                 node = node->left;
     506           0 :               node = node->left;
     507             : 
     508           0 :               if (!node || node == root)
     509           0 :                 return NULL; /* back at the root -> not found */
     510             :             }
     511           0 :           while (!node->right);
     512           0 :           node = node->right;
     513             :         }
     514             :     }
     515             : 
     516           0 :   return NULL;
     517             : }
     518             : 
     519             : static int
     520           0 : match_der (AsnNode root, const struct tag_info *ti,
     521             :            DECODER_STATE ds, AsnNode *retnode, int debug)
     522             : {
     523             :   int rc;
     524             :   AsnNode node;
     525             : 
     526           0 :   *retnode = NULL;
     527           0 :   node = ds->cur.node;
     528           0 :   if (!node)
     529             :     {
     530           0 :       if (debug)
     531           0 :         fputs ("  looking for anchor\n", stderr);
     532           0 :       node = find_anchor_node (root,  ti);
     533           0 :       if (!node)
     534           0 :         fputs (" anchor node not found\n", stderr);
     535             :     }
     536           0 :   else if (ds->cur.again)
     537             :     {
     538           0 :       if (debug)
     539           0 :         fputs ("  doing last again\n", stderr);
     540           0 :       ds->cur.again = 0;
     541             :     }
     542           0 :   else if (_ksba_asn_is_primitive (node->type) || node->type == TYPE_ANY
     543           0 :            || node->type == TYPE_SIZE || node->type == TYPE_DEFAULT )
     544             :     {
     545           0 :       if (debug)
     546           0 :         fputs ("  primitive type - get next\n", stderr);
     547           0 :       if (node->right)
     548           0 :         node = node->right;
     549           0 :       else if (!node->flags.in_choice)
     550             :         {
     551           0 :           if (node->flags.is_implicit)
     552             :             {
     553           0 :               if (debug)
     554           0 :                 fputs ("  node was implicit - advancing\n", stderr);
     555           0 :               while (node->left && node->left->right == node)
     556           0 :                 node = node->left;
     557           0 :               node = node->left; /* this is the up pointer */
     558           0 :               if (node)
     559           0 :                 node = node->right;
     560             :             }
     561             :           else
     562           0 :             node = NULL;
     563             :         }
     564             :       else /* in choice */
     565             :         {
     566           0 :           if (debug)
     567           0 :             fputs ("  going up after choice - get next\n", stderr);
     568           0 :           while (node->left && node->left->right == node)
     569           0 :             node = node->left;
     570           0 :           node = node->left; /* this is the up pointer */
     571           0 :           if (node)
     572           0 :             node = node->right;
     573             :         }
     574             :     }
     575           0 :   else if (node->type == TYPE_SEQUENCE_OF || node->type == TYPE_SET_OF)
     576             :     {
     577           0 :       if (debug)
     578             :         {
     579           0 :           fprintf (stderr, "  prepare for seq/set_of (%d %d)  ",
     580             :                   ds->cur.length, ds->cur.nread);
     581           0 :           fprintf (stderr, "  cur: ("); _ksba_asn_node_dump (node, stderr);
     582           0 :           fprintf (stderr, ")\n");
     583           0 :           if (ds->cur.node->flags.in_array)
     584           0 :             fputs ("  This is in an array!\n", stderr);
     585           0 :           if (ds->cur.went_up)
     586           0 :             fputs ("  And we are going up!\n", stderr);
     587             :         }
     588           0 :       if ((ds->cur.went_up && !ds->cur.node->flags.in_array) ||
     589           0 :           (ds->idx && ds->cur.nread >= ds->stack[ds->idx-1].length))
     590             :         {
     591           0 :           if (debug)
     592           0 :             fprintf (stderr, "  advancing\n");
     593           0 :           if (node->right)
     594           0 :             node = node->right;
     595             :           else
     596             :             {
     597             :               for (;;)
     598             :                 {
     599           0 :                   while (node->left && node->left->right == node)
     600           0 :                     node = node->left;
     601           0 :                   node = node->left; /* this is the up pointer */
     602           0 :                   if (!node)
     603           0 :                     break;
     604           0 :                   if (node->right)
     605             :                     {
     606           0 :                       node = node->right;
     607           0 :                       break;
     608             :                     }
     609             :                 }
     610             :             }
     611             :         }
     612           0 :       else if (ds->cur.node->flags.in_array
     613           0 :                && ds->cur.went_up)
     614             :         {
     615           0 :           if (debug)
     616           0 :             fputs ("  Reiterating\n", stderr);
     617           0 :           node = _ksba_asn_insert_copy (node);
     618           0 :           if (node)
     619           0 :             prepare_copied_tree (node);
     620             :         }
     621             :       else
     622           0 :         node = node->down;
     623             :     }
     624             :   else /* constructed */
     625             :     {
     626           0 :       if (debug)
     627             :         {
     628           0 :           fprintf (stderr, "  prepare for constructed (%d %d) ",
     629             :                   ds->cur.length, ds->cur.nread);
     630           0 :           fprintf (stderr, "  cur: ("); _ksba_asn_node_dump (node, stderr);
     631           0 :           fprintf (stderr, ")\n");
     632           0 :           if (ds->cur.node->flags.in_array)
     633           0 :             fputs ("  This is in an array!\n", stderr);
     634           0 :           if (ds->cur.went_up)
     635           0 :             fputs ("  And we are going up!\n", stderr);
     636             :         }
     637           0 :       ds->cur.in_seq_of = 0;
     638             : 
     639           0 :       if (ds->cur.node->flags.in_array
     640           0 :           && ds->cur.went_up)
     641             :         {
     642           0 :           if (debug)
     643           0 :             fputs ("  Reiterating this\n", stderr);
     644           0 :           node = _ksba_asn_insert_copy (node);
     645           0 :           if (node)
     646           0 :             prepare_copied_tree (node);
     647             :         }
     648           0 :       else if (ds->cur.went_up || ds->cur.next_tag || ds->cur.node->flags.skip_this)
     649             :         {
     650           0 :           if (node->right)
     651           0 :             node = node->right;
     652             :           else
     653             :             {
     654             :               for (;;)
     655             :                 {
     656           0 :                   while (node->left && node->left->right == node)
     657           0 :                     node = node->left;
     658           0 :                   node = node->left; /* this is the up pointer */
     659           0 :                   if (!node)
     660           0 :                     break;
     661           0 :                   if (node->right)
     662             :                     {
     663           0 :                       node = node->right;
     664           0 :                       break;
     665             :                     }
     666             :                 }
     667             :             }
     668             :         }
     669             :       else
     670           0 :         node = node->down;
     671             : 
     672             :     }
     673           0 :   if (!node)
     674           0 :     return -1;
     675           0 :   ds->cur.node = node;
     676           0 :   ds->cur.went_up = 0;
     677           0 :   ds->cur.next_tag = 0;
     678             : 
     679           0 :   if (debug)
     680             :     {
     681           0 :       fprintf (stderr, "  Expect ("); _ksba_asn_node_dump (node,stderr); fprintf (stderr, ")\n");
     682             :     }
     683             : 
     684           0 :   if (node->flags.skip_this)
     685             :     {
     686           0 :       if (debug)
     687           0 :         fprintf (stderr, "   skipping this\n");
     688           0 :       return 1;
     689             :     }
     690             : 
     691           0 :   if (node->type == TYPE_SIZE)
     692             :     {
     693           0 :       if (debug)
     694           0 :         fprintf (stderr, "   skipping size tag\n");
     695           0 :       return 1;
     696             :     }
     697           0 :   if (node->type == TYPE_DEFAULT)
     698             :     {
     699           0 :       if (debug)
     700           0 :         fprintf (stderr, "   skipping default tag\n");
     701           0 :       return 1;
     702             :     }
     703             : 
     704           0 :   if (node->flags.is_implicit)
     705             :     {
     706           0 :       if (debug)
     707           0 :         fprintf (stderr, "   dummy accept for implicit tag\n");
     708           0 :       return 1; /* again */
     709             :     }
     710             : 
     711           0 :   if ( (rc=cmp_tag (node, ti)))
     712             :     {
     713           0 :       *retnode = node;
     714           0 :       return rc==2? 4:3;
     715             :     }
     716             : 
     717           0 :   if (node->type == TYPE_CHOICE)
     718             :     {
     719           0 :       if (debug)
     720           0 :         fprintf (stderr, "   testing choice...\n");
     721           0 :       for (node = node->down; node; node = node->right)
     722             :         {
     723           0 :           if (debug)
     724             :             {
     725           0 :               fprintf (stderr, "       %s (", node->flags.skip_this? "skip":" cmp");
     726           0 :               _ksba_asn_node_dump (node, stderr);
     727           0 :               fprintf (stderr, ")\n");
     728             :             }
     729             : 
     730           0 :           if (!node->flags.skip_this && cmp_tag (node, ti) == 1)
     731             :             {
     732           0 :               if (debug)
     733             :                 {
     734           0 :                   fprintf (stderr, "  choice match <"); dump_tlv (ti, stderr);
     735           0 :                   fprintf (stderr, ">\n");
     736             :                 }
     737             :               /* mark the remaining as done */
     738           0 :               for (node=node->right; node; node = node->right)
     739           0 :                   node->flags.skip_this = 1;
     740           0 :               return 1;
     741             :             }
     742           0 :           node->flags.skip_this = 1;
     743             : 
     744             :         }
     745           0 :       node = ds->cur.node; /* reset */
     746             :     }
     747             : 
     748           0 :   if (node->flags.in_choice)
     749             :     {
     750           0 :       if (debug)
     751           0 :         fprintf (stderr, "   skipping non matching choice\n");
     752           0 :       return 1;
     753             :     }
     754             : 
     755           0 :   if (node->flags.is_optional)
     756             :     {
     757           0 :       if (debug)
     758           0 :         fprintf (stderr, "   skipping optional element\n");
     759           0 :       if (node->type == TYPE_TAG)
     760           0 :         ds->cur.next_tag = 1;
     761           0 :       return 1;
     762             :     }
     763             : 
     764           0 :   if (node->flags.has_default)
     765             :     {
     766           0 :       if (debug)
     767           0 :         fprintf (stderr, "   use default value\n");
     768           0 :       if (node->type == TYPE_TAG)
     769           0 :         ds->cur.next_tag = 1;
     770           0 :       *retnode = node;
     771           0 :       return 2;
     772             :     }
     773             : 
     774           0 :   return -1;
     775             : }
     776             : 
     777             : 
     778             : static gpg_error_t
     779           0 : decoder_init (BerDecoder d, const char *start_name)
     780             : {
     781           0 :   d->ds = new_decoder_state ();
     782             : 
     783           0 :   d->root = _ksba_asn_expand_tree (d->module, start_name);
     784           0 :   clear_help_flags (d->root);
     785           0 :   d->bypass = 0;
     786           0 :   if (d->debug)
     787           0 :     fprintf (stderr, "DECODER_INIT for `%s'\n", start_name? start_name: "[root]");
     788           0 :   return 0;
     789             : }
     790             : 
     791             : static void
     792           0 : decoder_deinit (BerDecoder d)
     793             : {
     794           0 :   release_decoder_state (d->ds);
     795           0 :   d->ds = NULL;
     796           0 :   d->val.node = NULL;
     797           0 :   if (d->debug)
     798           0 :     fprintf (stderr, "DECODER_DEINIT\n");
     799           0 : }
     800             : 
     801             : 
     802             : static gpg_error_t
     803           0 : decoder_next (BerDecoder d)
     804             : {
     805             :   struct tag_info ti;
     806           0 :   AsnNode node = NULL;
     807             :   gpg_error_t err;
     808           0 :   DECODER_STATE ds = d->ds;
     809           0 :   int debug = d->debug;
     810             : 
     811           0 :   if (d->ignore_garbage && d->fast_stop)
     812             :     {
     813             :       /* I am not anymore sure why we have this ignore_garbage
     814             :          machinery: The whole decoder needs and overhaul; it seems not
     815             :          to honor the length specification and runs for longer than
     816             :          expected.
     817             : 
     818             :          This here is another hack to not eat up an end tag - this is
     819             :          required in in some cases and in theory should be used always
     820             :          but we want to avoid any regression, thus this flag.  */
     821           0 :       return gpg_error (GPG_ERR_EOF);
     822             :     }
     823             : 
     824           0 :   err = _ksba_ber_read_tl (d->reader, &ti);
     825           0 :   if (err)
     826             :     {
     827           0 :       if (debug)
     828           0 :         fprintf (stderr, "ber_read_tl error: %s (%s)\n",
     829           0 :                  gpg_strerror (err), ti.err_string? ti.err_string:"");
     830             :       /* This is our actual hack to cope with some trailing garbage:
     831             :          Only if we get an premature EOF and we know that we have read
     832             :          the complete certificate we change the error to EOF.  This
     833             :          won't help with all kinds of garbage but it fixes the case
     834             :          where just one byte is appended.  This is for example the
     835             :          case with current Siemens certificates.  This approach seems
     836             :          to be the least intrusive one. */
     837           0 :       if (gpg_err_code (err) == GPG_ERR_BAD_BER
     838           0 :           && d->ignore_garbage
     839           0 :           && ti.err_string && !strcmp (ti.err_string, "premature EOF"))
     840           0 :         err = gpg_error (GPG_ERR_EOF);
     841           0 :       return err;
     842             :     }
     843             : 
     844           0 :   if (debug)
     845             :     {
     846           0 :       fprintf (stderr, "ReadTLV <");
     847           0 :       dump_tlv (&ti, stderr);
     848           0 :       fprintf (stderr, ">\n");
     849             :     }
     850             : 
     851             :   /* Check whether the trailing garbage hack is required. */
     852           0 :   if (!d->first_tag_seen)
     853             :     {
     854           0 :       d->first_tag_seen = 1;
     855           0 :       if (ti.tag == TYPE_SEQUENCE && ti.length && !ti.ndef)
     856           0 :         d->outer_sequence_length = ti.length;
     857             :     }
     858             : 
     859             :   /* Store stuff in the image buffer. */
     860           0 :   if (d->use_image)
     861             :     {
     862           0 :       if (!d->image.buf)
     863             :         {
     864             :           /* We need some extra bytes to store the stuff we read ahead
     865             :            * at the end of the module which is later pushed back.  We
     866             :            * also clear the buffer because there is no guarantee that
     867             :            * we will copy data to all bytes of the buffer: A broken
     868             :            * ASN.1 encoding may thus lead to access of uninitialized
     869             :            * data even if we make sure that that access is not our of
     870             :            * bounds. */
     871           0 :           d->image.used = 0;
     872           0 :           d->image.length = ti.length + 100;
     873           0 :           if (d->image.length < ti.length)
     874           0 :             return gpg_error (GPG_ERR_BAD_BER);
     875           0 :           if (d->image.length > MAX_IMAGE_LENGTH)
     876           0 :             return gpg_error (GPG_ERR_TOO_LARGE);
     877           0 :           d->image.buf = xtrycalloc (1, d->image.length);
     878           0 :           if (!d->image.buf)
     879           0 :             return gpg_error (GPG_ERR_ENOMEM);
     880             :         }
     881             : 
     882           0 :       if (sum_a1_a2_ge_b (ti.nhdr, d->image.used, d->image.length))
     883           0 :         return set_error (d, NULL, "image buffer too short to store the tag");
     884             : 
     885           0 :       memcpy (d->image.buf + d->image.used, ti.buf, ti.nhdr);
     886           0 :       d->image.used += ti.nhdr;
     887             :     }
     888             : 
     889             : 
     890           0 :   if (!d->bypass)
     891             :     {
     892             :       int again, endtag;
     893             : 
     894             :       do
     895             :         {
     896           0 :           again = endtag = 0;
     897           0 :           switch ( ds->cur.in_any? 4
     898           0 :                    : (ti.class == CLASS_UNIVERSAL && !ti.tag)? (endtag=1,5)
     899           0 :                    : match_der (d->root, &ti, ds, &node, debug))
     900             :             {
     901             :             case -1:
     902           0 :               if (debug)
     903             :                 {
     904           0 :                   fprintf (stderr, "   FAIL <");
     905           0 :                   dump_tlv (&ti, stderr);
     906           0 :                   fprintf (stderr, ">\n");
     907             :                 }
     908           0 :               if (d->honor_module_end)
     909             :                 {
     910             :                   /* We must push back the stuff we already read */
     911           0 :                   ksba_reader_unread (d->reader, ti.buf, ti.nhdr);
     912           0 :                   return gpg_error (GPG_ERR_EOF);
     913             :                 }
     914             :               else
     915           0 :                 d->bypass = 1;
     916           0 :               break;
     917             :             case 0:
     918           0 :               if (debug)
     919           0 :                 fputs ("  End of description\n", stderr);
     920           0 :               d->bypass = 1;
     921           0 :               break;
     922             :             case 1: /* again */
     923           0 :               if (debug)
     924           0 :                 fprintf (stderr, "  Again\n");
     925           0 :               again = 1;
     926           0 :               break;
     927             :             case 2: /* Use default value +  again */
     928           0 :               if (debug)
     929           0 :                 fprintf (stderr, "  Using default\n");
     930           0 :               again = 1;
     931           0 :               break;
     932             :             case 4: /* Match of ANY on a constructed type */
     933           0 :               if (debug)
     934           0 :                   fprintf (stderr, "  ANY");
     935           0 :               ds->cur.in_any = 1;
     936             :             case 3: /* match */
     937             :             case 5: /* end tag */
     938           0 :               if (debug)
     939             :                 {
     940           0 :                   fprintf (stderr, "  Match <");
     941           0 :                   dump_tlv (&ti, stderr);
     942           0 :                   fprintf (stderr, ">\n");
     943             :                 }
     944             :               /* Increment by the header length */
     945           0 :               ds->cur.nread += ti.nhdr;
     946             : 
     947           0 :               if (!ti.is_constructed)
     948           0 :                   ds->cur.nread += ti.length;
     949             : 
     950           0 :               ds->cur.went_up = 0;
     951             :               do
     952             :                 {
     953           0 :                   if (debug)
     954           0 :                     fprintf (stderr, "  (length %d nread %d) %s\n",
     955           0 :                             ds->idx? ds->stack[ds->idx-1].length:-1,
     956             :                             ds->cur.nread,
     957           0 :                             ti.is_constructed? "con":"pri");
     958           0 :                   if (d->outer_sequence_length
     959           0 :                       && ds->idx == 1
     960           0 :                       && ds->cur.nread == d->outer_sequence_length)
     961             :                     {
     962           0 :                       if (debug)
     963           0 :                         fprintf (stderr, "  Need to stop now\n");
     964           0 :                       d->ignore_garbage = 1;
     965             :                     }
     966             : 
     967           0 :                   if ( ds->idx
     968           0 :                        && !ds->stack[ds->idx-1].ndef_length
     969           0 :                        && (ds->cur.nread
     970           0 :                            > ds->stack[ds->idx-1].length))
     971             :                     {
     972           0 :                       fprintf (stderr, "ksba: ERROR: object length field "
     973             :                                "%d octects too large\n",
     974           0 :                                ds->cur.nread - ds->cur.length);
     975           0 :                       ds->cur.nread = ds->cur.length;
     976             :                     }
     977           0 :                   if ( ds->idx
     978           0 :                        && (endtag
     979           0 :                            || (!ds->stack[ds->idx-1].ndef_length
     980           0 :                                && (ds->cur.nread
     981           0 :                                    >= ds->stack[ds->idx-1].length))))
     982             :                     {
     983           0 :                       int n = ds->cur.nread;
     984           0 :                       err = pop_decoder_state (ds);
     985           0 :                       if (err)
     986           0 :                         return err;
     987           0 :                       ds->cur.nread += n;
     988           0 :                       ds->cur.went_up++;
     989             :                     }
     990           0 :                   endtag = 0;
     991             :                 }
     992           0 :               while ( ds->idx
     993           0 :                       && !ds->stack[ds->idx-1].ndef_length
     994           0 :                       && (ds->cur.nread
     995           0 :                           >= ds->stack[ds->idx-1].length));
     996             : 
     997           0 :               if (ti.is_constructed && (ti.length || ti.ndef))
     998             :                 {
     999             :                   /* prepare for the next level */
    1000           0 :                   ds->cur.length = ti.length;
    1001           0 :                   ds->cur.ndef_length = ti.ndef;
    1002           0 :                   err = push_decoder_state (ds);
    1003           0 :                   if (err)
    1004           0 :                     return err;
    1005           0 :                   ds->cur.length = 0;
    1006           0 :                   ds->cur.ndef_length = 0;
    1007           0 :                   ds->cur.nread = 0;
    1008             :                 }
    1009           0 :               if (debug)
    1010           0 :                 fprintf (stderr, "  (length %d nread %d) end\n",
    1011           0 :                         ds->idx? ds->stack[ds->idx-1].length:-1,
    1012             :                         ds->cur.nread);
    1013           0 :               break;
    1014             :             default:
    1015           0 :               never_reached ();
    1016           0 :               abort ();
    1017             :               break;
    1018             :             }
    1019             :         }
    1020           0 :       while (again);
    1021             :     }
    1022             : 
    1023           0 :   d->val.primitive = !ti.is_constructed;
    1024           0 :   d->val.length = ti.length;
    1025           0 :   d->val.nhdr = ti.nhdr;
    1026           0 :   d->val.tag  = ti.tag; /* kludge to fix TYPE_ANY probs */
    1027           0 :   d->val.is_endtag = (ti.class == CLASS_UNIVERSAL && !ti.tag);
    1028           0 :   d->val.node = d->bypass? NULL : node;
    1029           0 :   if (debug)
    1030           0 :     dump_decoder_state (ds);
    1031             : 
    1032           0 :   return 0;
    1033             : }
    1034             : 
    1035             : static gpg_error_t
    1036           0 : decoder_skip (BerDecoder d)
    1037             : {
    1038           0 :   if (d->val.primitive)
    1039             :     {
    1040           0 :       if (read_buffer (d->reader, NULL, d->val.length))
    1041           0 :         return eof_or_error (d, 1);
    1042             :     }
    1043           0 :   return 0;
    1044             : }
    1045             : 
    1046             : 
    1047             : 
    1048             : /* Calculate the distance between the 2 nodes */
    1049             : static int
    1050           0 : distance (AsnNode root, AsnNode node)
    1051             : {
    1052           0 :   int n=0;
    1053             : 
    1054           0 :   while (node && node != root)
    1055             :     {
    1056           0 :       while (node->left && node->left->right == node)
    1057           0 :         node = node->left;
    1058           0 :       node = node->left;
    1059           0 :       n++;
    1060             :     }
    1061             : 
    1062           0 :   return n;
    1063             : }
    1064             : 
    1065             : 
    1066             : /**
    1067             :  * _ksba_ber_decoder_dump:
    1068             :  * @d: Decoder object
    1069             :  *
    1070             :  * Dump a textual representation of the encoding to the given stream.
    1071             :  *
    1072             :  * Return value:
    1073             :  **/
    1074             : gpg_error_t
    1075           0 : _ksba_ber_decoder_dump (BerDecoder d, FILE *fp)
    1076             : {
    1077             :   gpg_error_t err;
    1078           0 :   int depth = 0;
    1079             :   AsnNode node;
    1080           0 :   unsigned char *buf = NULL;
    1081           0 :   size_t buflen = 0;
    1082             : 
    1083           0 :   if (!d)
    1084           0 :     return gpg_error (GPG_ERR_INV_VALUE);
    1085             : 
    1086             : #ifdef HAVE_GETENV
    1087           0 :   d->debug = !!getenv("KSBA_DEBUG_BER_DECODER");
    1088             : #else
    1089             :   d->debug = 0;
    1090             : #endif
    1091           0 :   d->use_image = 0;
    1092           0 :   d->image.buf = NULL;
    1093           0 :   err = decoder_init (d, NULL);
    1094           0 :   if (err)
    1095           0 :     return err;
    1096             : 
    1097           0 :   while (!(err = decoder_next (d)))
    1098             :     {
    1099           0 :       node = d->val.node;
    1100           0 :       if (node)
    1101           0 :         depth = distance (d->root, node);
    1102             : 
    1103           0 :       fprintf (fp, "%4lu %4lu:%*s",
    1104           0 :                ksba_reader_tell (d->reader) - d->val.nhdr,
    1105           0 :                (unsigned long)d->val.length,
    1106             :                depth*2, "");
    1107           0 :       if (node)
    1108           0 :         _ksba_asn_node_dump (node, fp);
    1109             :       else
    1110           0 :         fputs ("[No matching node]", fp);
    1111             : 
    1112           0 :       if (node && d->val.primitive)
    1113           0 :         {
    1114             :           size_t n;
    1115             :           int i, c;
    1116             :           char *p;
    1117             : 
    1118           0 :           if (!buf || buflen < d->val.length)
    1119             :             {
    1120           0 :               xfree (buf);
    1121           0 :               buf = NULL;
    1122           0 :               buflen = d->val.length + 100;
    1123           0 :               if (buflen < d->val.length)
    1124           0 :                 err = gpg_error (GPG_ERR_BAD_BER); /* Overflow */
    1125           0 :               else if (buflen > MAX_IMAGE_LENGTH)
    1126           0 :                 err = gpg_error (GPG_ERR_TOO_LARGE);
    1127             :               else
    1128             :                 {
    1129           0 :                   buf = xtrymalloc (buflen);
    1130           0 :                   if (!buf)
    1131           0 :                     err = gpg_error_from_syserror ();
    1132             :                 }
    1133             :             }
    1134             : 
    1135           0 :           for (n=0; !err && n < d->val.length; n++)
    1136             :             {
    1137           0 :               if ( (c=read_byte (d->reader)) == -1)
    1138           0 :                 err = eof_or_error (d, 1);
    1139           0 :               buf[n] = c;
    1140             :             }
    1141           0 :           if (err)
    1142           0 :             break;
    1143           0 :           fputs ("  (", fp);
    1144           0 :           p = NULL;
    1145           0 :           switch (node->type)
    1146             :             {
    1147             :             case TYPE_OBJECT_ID:
    1148           0 :               p = ksba_oid_to_str (buf, n);
    1149           0 :               break;
    1150             :             default:
    1151           0 :               for (i=0; i < n && (d->debug || i < 20); i++)
    1152           0 :                 fprintf (fp,"%02x", buf[i]);
    1153           0 :               if (i < n)
    1154           0 :                 fputs ("..more..", fp);
    1155           0 :               break;
    1156             :             }
    1157           0 :           if (p)
    1158             :             {
    1159           0 :               fputs (p, fp);
    1160           0 :               xfree (p);
    1161             :             }
    1162           0 :           fputs (")\n", fp);
    1163             :         }
    1164             :       else
    1165             :         {
    1166           0 :           err = decoder_skip (d);
    1167           0 :           putc ('\n', fp);
    1168             :         }
    1169           0 :       if (err)
    1170           0 :         break;
    1171             : 
    1172             :     }
    1173           0 :   if (gpg_err_code (err) == GPG_ERR_EOF)
    1174           0 :     err = 0;
    1175             : 
    1176           0 :   decoder_deinit (d);
    1177           0 :   xfree (buf);
    1178           0 :   return err;
    1179             : }
    1180             : 
    1181             : 
    1182             : 
    1183             : 
    1184             : gpg_error_t
    1185           0 : _ksba_ber_decoder_decode (BerDecoder d, const char *start_name,
    1186             :                           unsigned int flags,
    1187             :                           AsnNode *r_root,
    1188             :                           unsigned char **r_image, size_t *r_imagelen)
    1189             : {
    1190             :   gpg_error_t err;
    1191             :   AsnNode node;
    1192           0 :   unsigned char *buf = NULL;
    1193           0 :   size_t buflen = 0;
    1194             :   unsigned long startoff;
    1195             : 
    1196           0 :   if (!d)
    1197           0 :     return gpg_error (GPG_ERR_INV_VALUE);
    1198             : 
    1199           0 :   if (r_root)
    1200           0 :     *r_root = NULL;
    1201             : 
    1202             : #ifdef HAVE_GETENV
    1203           0 :   d->debug = !!getenv("KSBA_DEBUG_BER_DECODER");
    1204             : #else
    1205             :   d->debug = 0;
    1206             : #endif
    1207           0 :   d->honor_module_end = 1;
    1208           0 :   d->use_image = 1;
    1209           0 :   d->image.buf = NULL;
    1210           0 :   d->fast_stop = !!(flags & BER_DECODER_FLAG_FAST_STOP);
    1211             : 
    1212           0 :   startoff = ksba_reader_tell (d->reader);
    1213             : 
    1214           0 :   err = decoder_init (d, start_name);
    1215           0 :   if (err)
    1216           0 :     return err;
    1217             : 
    1218           0 :   while (!(err = decoder_next (d)))
    1219             :     {
    1220           0 :       node = d->val.node;
    1221             :       /* Fixme: USE_IMAGE is only not used with the ber-dump utility
    1222             :          and thus of no big use.  We should remove the other code
    1223             :          paths and dump ber-dump.c. */
    1224           0 :       if (d->use_image)
    1225             :         {
    1226           0 :           if (node && !d->val.is_endtag)
    1227             :             { /* We don't have nodes for the end tag - so don't store it */
    1228           0 :               node->off = (ksba_reader_tell (d->reader)
    1229           0 :                            - d->val.nhdr - startoff);
    1230           0 :               node->nhdr = d->val.nhdr;
    1231           0 :               node->len = d->val.length;
    1232           0 :               if (node->type == TYPE_ANY)
    1233           0 :                 node->actual_type = d->val.tag;
    1234             :             }
    1235           0 :           if (sum_a1_a2_gt_b (d->image.used, d->val.length, d->image.length))
    1236           0 :             err = set_error(d, NULL, "TLV length too large");
    1237           0 :           else if (d->val.primitive)
    1238             :             {
    1239           0 :               if( read_buffer (d->reader,
    1240           0 :                                d->image.buf + d->image.used, d->val.length))
    1241           0 :                 err = eof_or_error (d, 1);
    1242             :               else
    1243             :                 {
    1244           0 :                   size_t sum = d->image.used + d->val.length;
    1245           0 :                   if (sum < d->image.used)
    1246           0 :                     err = gpg_error (GPG_ERR_BAD_BER);
    1247             :                   else
    1248           0 :                     d->image.used = sum;
    1249             :                 }
    1250             :             }
    1251             :         }
    1252           0 :       else if (node && d->val.primitive)
    1253           0 :         {
    1254             :           size_t n;
    1255             :           int c;
    1256             : 
    1257           0 :           if (!buf || buflen < d->val.length)
    1258             :             {
    1259           0 :               xfree (buf);
    1260           0 :               buf = NULL;
    1261           0 :               buflen = d->val.length + 100;
    1262           0 :               if (buflen < d->val.length)
    1263           0 :                 err = gpg_error (GPG_ERR_BAD_BER);
    1264           0 :               else if (buflen > MAX_IMAGE_LENGTH)
    1265           0 :                 err = gpg_error (GPG_ERR_TOO_LARGE);
    1266             :               else
    1267             :                 {
    1268           0 :                   buf = xtrymalloc (buflen);
    1269           0 :                   if (!buf)
    1270           0 :                     err = gpg_error_from_syserror ();
    1271             :                 }
    1272             :             }
    1273             : 
    1274           0 :           for (n=0; !err && n < d->val.length; n++)
    1275             :             {
    1276           0 :               if ( (c=read_byte (d->reader)) == -1)
    1277           0 :                 err = eof_or_error (d, 1);
    1278           0 :               buf[n] = c;
    1279             :             }
    1280           0 :           if (err)
    1281           0 :             break;
    1282             : 
    1283           0 :           switch (node->type)
    1284             :             {
    1285             :             default:
    1286           0 :               _ksba_asn_set_value (node, VALTYPE_MEM, buf, n);
    1287           0 :               break;
    1288             :             }
    1289             :         }
    1290             :       else
    1291             :         {
    1292           0 :           err = decoder_skip (d);
    1293             :         }
    1294           0 :       if (err)
    1295           0 :         break;
    1296             :     }
    1297           0 :   if (gpg_err_code (err) == GPG_ERR_EOF)
    1298           0 :     err = 0;
    1299             : 
    1300           0 :   if (err)
    1301           0 :     xfree (d->image.buf);
    1302             : 
    1303           0 :   if (r_root && !err)
    1304             :     {
    1305           0 :       if (!d->image.buf)
    1306             :         { /* Not even the first node available - return eof */
    1307           0 :           _ksba_asn_release_nodes (d->root);
    1308           0 :           d->root = NULL;
    1309           0 :           err = gpg_error (GPG_ERR_EOF);
    1310             :         }
    1311             : 
    1312           0 :       fixup_type_any (d->root);
    1313           0 :       *r_root = d->root;
    1314           0 :       d->root = NULL;
    1315           0 :       *r_image = d->image.buf;
    1316           0 :       d->image.buf = NULL;
    1317           0 :       *r_imagelen = d->image.used;
    1318           0 :       if (d->debug)
    1319             :         {
    1320           0 :           fputs ("Value Tree:\n", stderr);
    1321           0 :           _ksba_asn_node_dump_all (*r_root, stderr);
    1322             :         }
    1323             :     }
    1324             : 
    1325           0 :   decoder_deinit (d);
    1326           0 :   xfree (buf);
    1327           0 :   return err;
    1328             : }

Generated by: LCOV version 1.12