Overrun in TLV parser #59
Labels
Comments
|
This is correct and I've tagged it as a bug. My intention is to review the TLVReader class, but most importantly it needs a validate() method that checks the tag and length values for comformance and sanity before allowing it to be used. Unfortunately as in your case, it 'failed successfully', which may result in other perso scripts that have worked in the past failing because they had incorrect length values on the outer container. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
The TLV parser will read nested TLVs beyond the length of their parent container. Consider the nested TLV below:
010108 020100 0303000000this parses correctly.
Now consider the erroneous TLV below:
010106 020100 0303000000This also parses with no error despite the length of the top level container being set, erroneously, to 6 vs 8.
We encountered this while reviewing our pre-personalization of the CHUID container. In our case we had changed from 1 byte to 3 byte container IDs but we had neglected to add 2 to the overall container length. Despite the error, pre-provisioning worked fine when it should have failed.
The text was updated successfully, but these errors were encountered: