#
1.26 |
|
10-Nov-2023 |
martijn |
Give ober_printf_elements() a ber_element array, similar to ober_scanf_elements(). This allows us to move down and back up multiple levels in with nested sequences and sets.
While here, on failure, make sure we free (and unlink if needed) all elements we created.
OK claudio@, tb@
|
Revision tags: OPENBSD_7_4_BASE
|
#
1.25 |
|
22-Aug-2023 |
gerhard |
Don't fail in ober_scanf_elements() when encountering empty sequences.
Ok martijn@
|
Revision tags: OPENBSD_7_3_BASE
|
#
1.24 |
|
03-Nov-2022 |
martijn |
When decoding a sequence/set, make sure that: - We don't create an uninitialized element when there are no subelements to decode - If subelements overflow we return EINVAL
While here fix an eyesore of a line continuation.
OK claudio@
|
Revision tags: OPENBSD_7_1_BASE OPENBSD_7_2_BASE
|
#
1.23 |
|
21-Oct-2021 |
martijn |
Sync ober_oid_cmp with ax_oid_cmp from libagentx. This flips the returned signedness and adds the weight of 2 for parent-child relationship in both direction.
This makes ober_oid_cmp consistent with the rest of the *_cmp based functions.
OK tb@
|
Revision tags: OPENBSD_7_0_BASE
|
#
1.22 |
|
29-Aug-2021 |
martijn |
Add ober_dup. Needed for upcoming SNMPv3 support for trap receiver in snmpd(8).
OK jmatthew@ OK deraadt@ for bumping libutil now.
|
Revision tags: OPENBSD_6_9_BASE
|
#
1.21 |
|
22-Feb-2021 |
martijn |
Make the ober_get_* set of function to accept a NULL-pointer. This allows us to do ber-type checking inside ober_scanf_elements, which will allow for stricter ASN.1 parsing in the future.
Manpage feedback and OK claudio@, jmc@ OK claudio@
|
#
1.20 |
|
28-Jan-2021 |
martijn |
Add '$' to ober_scanf_elements(). This allows us to enforce end of sequence/set without having to manually check be_next for NULL.
No lib bump needed according to millert@ OK millert@ rob@
|
#
1.19 |
|
22-Jan-2021 |
rob |
Gracefully handle any erroneous closing bracket/brace trailers in ober_scanf_elements().
OK martijn@
|
#
1.18 |
|
22-Jan-2021 |
rob |
Valid integer and enumerated types always have non-zero length. Perform check to ensure we avoid a possible (undefined) negative shift. Found with clang static analyzer.
Tweaked and OK martijn@
|
Revision tags: OPENBSD_6_8_BASE
|
#
1.17 |
|
03-Sep-2020 |
martijn |
Missed one case of errno not being set in previous.
double check and OK tb@
|
#
1.16 |
|
03-Sep-2020 |
martijn |
Make sure ober_read_elements sets errno on every case where NULL is returned.
OK deraadt@ tb@
|
Revision tags: OPENBSD_6_7_BASE
|
#
1.15 |
|
24-Oct-2019 |
tb |
The ber_* namespace is used by liblber since time immemorial, so move our BER API to the unused ober_* prefix to avoid some breakage in ports.
Problem diagnosed by jmatthew with ber_free() in samba, but there are many others as pointed out by sthen.
tests & ok rob ok sthen (who had an almost identical diff for libutil) "go head hit it" deraadt
|
Revision tags: OPENBSD_6_6_BASE
|
#
1.14 |
|
15-Aug-2019 |
martijn |
branches: 1.14.2; Revert previous. There were some users of the quirky behaviour that were missed during code scan.
|
#
1.13 |
|
14-Aug-2019 |
martijn |
Make ber_scanf_elements's 'e' attribute eat the element. Right now all consumers use 'e' at the end of the list, so no regressions should be introduced.
OK claudio@ Seems sensible to deraadt@
|
#
1.12 |
|
14-Aug-2019 |
martijn |
Make sure that ber in ber_scanf_elements is not NULL before parsing format where ber is utilized. This also allows us to remove the ber->be_next check, which can cause weird behaviour, because a NULL be_next would result in parsing the last element twice.
OK claudio@ on previous version OK rob@
|
#
1.11 |
|
05-Aug-2019 |
martijn |
Don't use a 0 element to determine the end of an OID when comparing two OIDS. This can result in false equality matches.
OK claudio@
|
#
1.10 |
|
05-Aug-2019 |
martijn |
There's no reason why the first digit of an OID can't be 0.
OK claudio@ "Good find" deraadt@
|
#
1.9 |
|
01-Jun-2019 |
rob |
Limit maximum number of length octets to platform independent sizeof(int32_t).
Problem noticed by bluhm@. Discussed on hackers.
ok claudio@
|
#
1.8 |
|
21-May-2019 |
rob |
whitespace
|
#
1.7 |
|
16-May-2019 |
rob |
Add XXX to a comment.
|
#
1.6 |
|
12-May-2019 |
rob |
Enable support for the writting of BITSTRING by treating it as an OCTETSTRING.
ok claudio@
|
#
1.5 |
|
12-May-2019 |
rob |
Enforce smallest number of contents octets for int (and enum).
ok claudio@
|
#
1.4 |
|
12-May-2019 |
rob |
Fail early if a (universal) primitive type identifies as constructed, or if a boolean has a contents length other than 1.
ok claudio@
|
#
1.3 |
|
12-May-2019 |
rob |
Enforce minimal number of octets for tag > 30.
"sure" claudio@
|
#
1.2 |
|
12-May-2019 |
rob |
In long form encoding, explicitly prohibit an initial length octet of 0xff which is reserved for future use.
ok claudio@
|
#
1.1 |
|
11-May-2019 |
rob |
The BER API is currently used by ldap, ldapd, ldapctl, ypldap, snmpd, and snmpctl. Separate copies of ber.[ch] have existed and been maintained in sync in ldap, ldapd, ypldap and snmpd.
This commit moves the BER API into /usr/lib/libutil. All current consumers already link libutil. ldapd and snmpd regress passes, and release builds.
With help from tb@ and guenther@.
ok deraadt@, tb@
|
#
1.25 |
|
22-Aug-2023 |
gerhard |
Don't fail in ober_scanf_elements() when encountering empty sequences.
Ok martijn@
|
Revision tags: OPENBSD_7_3_BASE
|
#
1.24 |
|
03-Nov-2022 |
martijn |
When decoding a sequence/set, make sure that: - We don't create an uninitialized element when there are no subelements to decode - If subelements overflow we return EINVAL
While here fix an eyesore of a line continuation.
OK claudio@
|
Revision tags: OPENBSD_7_1_BASE OPENBSD_7_2_BASE
|
#
1.23 |
|
21-Oct-2021 |
martijn |
Sync ober_oid_cmp with ax_oid_cmp from libagentx. This flips the returned signedness and adds the weight of 2 for parent-child relationship in both direction.
This makes ober_oid_cmp consistent with the rest of the *_cmp based functions.
OK tb@
|
Revision tags: OPENBSD_7_0_BASE
|
#
1.22 |
|
29-Aug-2021 |
martijn |
Add ober_dup. Needed for upcoming SNMPv3 support for trap receiver in snmpd(8).
OK jmatthew@ OK deraadt@ for bumping libutil now.
|
Revision tags: OPENBSD_6_9_BASE
|
#
1.21 |
|
22-Feb-2021 |
martijn |
Make the ober_get_* set of function to accept a NULL-pointer. This allows us to do ber-type checking inside ober_scanf_elements, which will allow for stricter ASN.1 parsing in the future.
Manpage feedback and OK claudio@, jmc@ OK claudio@
|
#
1.20 |
|
28-Jan-2021 |
martijn |
Add '$' to ober_scanf_elements(). This allows us to enforce end of sequence/set without having to manually check be_next for NULL.
No lib bump needed according to millert@ OK millert@ rob@
|
#
1.19 |
|
22-Jan-2021 |
rob |
Gracefully handle any erroneous closing bracket/brace trailers in ober_scanf_elements().
OK martijn@
|
#
1.18 |
|
22-Jan-2021 |
rob |
Valid integer and enumerated types always have non-zero length. Perform check to ensure we avoid a possible (undefined) negative shift. Found with clang static analyzer.
Tweaked and OK martijn@
|
Revision tags: OPENBSD_6_8_BASE
|
#
1.17 |
|
03-Sep-2020 |
martijn |
Missed one case of errno not being set in previous.
double check and OK tb@
|
#
1.16 |
|
03-Sep-2020 |
martijn |
Make sure ober_read_elements sets errno on every case where NULL is returned.
OK deraadt@ tb@
|
Revision tags: OPENBSD_6_7_BASE
|
#
1.15 |
|
24-Oct-2019 |
tb |
The ber_* namespace is used by liblber since time immemorial, so move our BER API to the unused ober_* prefix to avoid some breakage in ports.
Problem diagnosed by jmatthew with ber_free() in samba, but there are many others as pointed out by sthen.
tests & ok rob ok sthen (who had an almost identical diff for libutil) "go head hit it" deraadt
|
Revision tags: OPENBSD_6_6_BASE
|
#
1.14 |
|
15-Aug-2019 |
martijn |
branches: 1.14.2; Revert previous. There were some users of the quirky behaviour that were missed during code scan.
|
#
1.13 |
|
14-Aug-2019 |
martijn |
Make ber_scanf_elements's 'e' attribute eat the element. Right now all consumers use 'e' at the end of the list, so no regressions should be introduced.
OK claudio@ Seems sensible to deraadt@
|
#
1.12 |
|
14-Aug-2019 |
martijn |
Make sure that ber in ber_scanf_elements is not NULL before parsing format where ber is utilized. This also allows us to remove the ber->be_next check, which can cause weird behaviour, because a NULL be_next would result in parsing the last element twice.
OK claudio@ on previous version OK rob@
|
#
1.11 |
|
05-Aug-2019 |
martijn |
Don't use a 0 element to determine the end of an OID when comparing two OIDS. This can result in false equality matches.
OK claudio@
|
#
1.10 |
|
05-Aug-2019 |
martijn |
There's no reason why the first digit of an OID can't be 0.
OK claudio@ "Good find" deraadt@
|
#
1.9 |
|
01-Jun-2019 |
rob |
Limit maximum number of length octets to platform independent sizeof(int32_t).
Problem noticed by bluhm@. Discussed on hackers.
ok claudio@
|
#
1.8 |
|
21-May-2019 |
rob |
whitespace
|
#
1.7 |
|
16-May-2019 |
rob |
Add XXX to a comment.
|
#
1.6 |
|
12-May-2019 |
rob |
Enable support for the writting of BITSTRING by treating it as an OCTETSTRING.
ok claudio@
|
#
1.5 |
|
12-May-2019 |
rob |
Enforce smallest number of contents octets for int (and enum).
ok claudio@
|
#
1.4 |
|
12-May-2019 |
rob |
Fail early if a (universal) primitive type identifies as constructed, or if a boolean has a contents length other than 1.
ok claudio@
|
#
1.3 |
|
12-May-2019 |
rob |
Enforce minimal number of octets for tag > 30.
"sure" claudio@
|
#
1.2 |
|
12-May-2019 |
rob |
In long form encoding, explicitly prohibit an initial length octet of 0xff which is reserved for future use.
ok claudio@
|
#
1.1 |
|
11-May-2019 |
rob |
The BER API is currently used by ldap, ldapd, ldapctl, ypldap, snmpd, and snmpctl. Separate copies of ber.[ch] have existed and been maintained in sync in ldap, ldapd, ypldap and snmpd.
This commit moves the BER API into /usr/lib/libutil. All current consumers already link libutil. ldapd and snmpd regress passes, and release builds.
With help from tb@ and guenther@.
ok deraadt@, tb@
|
#
1.24 |
|
03-Nov-2022 |
martijn |
When decoding a sequence/set, make sure that: - We don't create an uninitialized element when there are no subelements to decode - If subelements overflow we return EINVAL
While here fix an eyesore of a line continuation.
OK claudio@
|
Revision tags: OPENBSD_7_1_BASE OPENBSD_7_2_BASE
|
#
1.23 |
|
21-Oct-2021 |
martijn |
Sync ober_oid_cmp with ax_oid_cmp from libagentx. This flips the returned signedness and adds the weight of 2 for parent-child relationship in both direction.
This makes ober_oid_cmp consistent with the rest of the *_cmp based functions.
OK tb@
|
Revision tags: OPENBSD_7_0_BASE
|
#
1.22 |
|
29-Aug-2021 |
martijn |
Add ober_dup. Needed for upcoming SNMPv3 support for trap receiver in snmpd(8).
OK jmatthew@ OK deraadt@ for bumping libutil now.
|
Revision tags: OPENBSD_6_9_BASE
|
#
1.21 |
|
22-Feb-2021 |
martijn |
Make the ober_get_* set of function to accept a NULL-pointer. This allows us to do ber-type checking inside ober_scanf_elements, which will allow for stricter ASN.1 parsing in the future.
Manpage feedback and OK claudio@, jmc@ OK claudio@
|
#
1.20 |
|
28-Jan-2021 |
martijn |
Add '$' to ober_scanf_elements(). This allows us to enforce end of sequence/set without having to manually check be_next for NULL.
No lib bump needed according to millert@ OK millert@ rob@
|
#
1.19 |
|
22-Jan-2021 |
rob |
Gracefully handle any erroneous closing bracket/brace trailers in ober_scanf_elements().
OK martijn@
|
#
1.18 |
|
22-Jan-2021 |
rob |
Valid integer and enumerated types always have non-zero length. Perform check to ensure we avoid a possible (undefined) negative shift. Found with clang static analyzer.
Tweaked and OK martijn@
|
Revision tags: OPENBSD_6_8_BASE
|
#
1.17 |
|
03-Sep-2020 |
martijn |
Missed one case of errno not being set in previous.
double check and OK tb@
|
#
1.16 |
|
03-Sep-2020 |
martijn |
Make sure ober_read_elements sets errno on every case where NULL is returned.
OK deraadt@ tb@
|
Revision tags: OPENBSD_6_7_BASE
|
#
1.15 |
|
24-Oct-2019 |
tb |
The ber_* namespace is used by liblber since time immemorial, so move our BER API to the unused ober_* prefix to avoid some breakage in ports.
Problem diagnosed by jmatthew with ber_free() in samba, but there are many others as pointed out by sthen.
tests & ok rob ok sthen (who had an almost identical diff for libutil) "go head hit it" deraadt
|
Revision tags: OPENBSD_6_6_BASE
|
#
1.14 |
|
15-Aug-2019 |
martijn |
branches: 1.14.2; Revert previous. There were some users of the quirky behaviour that were missed during code scan.
|
#
1.13 |
|
14-Aug-2019 |
martijn |
Make ber_scanf_elements's 'e' attribute eat the element. Right now all consumers use 'e' at the end of the list, so no regressions should be introduced.
OK claudio@ Seems sensible to deraadt@
|
#
1.12 |
|
14-Aug-2019 |
martijn |
Make sure that ber in ber_scanf_elements is not NULL before parsing format where ber is utilized. This also allows us to remove the ber->be_next check, which can cause weird behaviour, because a NULL be_next would result in parsing the last element twice.
OK claudio@ on previous version OK rob@
|
#
1.11 |
|
05-Aug-2019 |
martijn |
Don't use a 0 element to determine the end of an OID when comparing two OIDS. This can result in false equality matches.
OK claudio@
|
#
1.10 |
|
05-Aug-2019 |
martijn |
There's no reason why the first digit of an OID can't be 0.
OK claudio@ "Good find" deraadt@
|
#
1.9 |
|
01-Jun-2019 |
rob |
Limit maximum number of length octets to platform independent sizeof(int32_t).
Problem noticed by bluhm@. Discussed on hackers.
ok claudio@
|
#
1.8 |
|
21-May-2019 |
rob |
whitespace
|
#
1.7 |
|
16-May-2019 |
rob |
Add XXX to a comment.
|
#
1.6 |
|
12-May-2019 |
rob |
Enable support for the writting of BITSTRING by treating it as an OCTETSTRING.
ok claudio@
|
#
1.5 |
|
12-May-2019 |
rob |
Enforce smallest number of contents octets for int (and enum).
ok claudio@
|
#
1.4 |
|
12-May-2019 |
rob |
Fail early if a (universal) primitive type identifies as constructed, or if a boolean has a contents length other than 1.
ok claudio@
|
#
1.3 |
|
12-May-2019 |
rob |
Enforce minimal number of octets for tag > 30.
"sure" claudio@
|
#
1.2 |
|
12-May-2019 |
rob |
In long form encoding, explicitly prohibit an initial length octet of 0xff which is reserved for future use.
ok claudio@
|
#
1.1 |
|
11-May-2019 |
rob |
The BER API is currently used by ldap, ldapd, ldapctl, ypldap, snmpd, and snmpctl. Separate copies of ber.[ch] have existed and been maintained in sync in ldap, ldapd, ypldap and snmpd.
This commit moves the BER API into /usr/lib/libutil. All current consumers already link libutil. ldapd and snmpd regress passes, and release builds.
With help from tb@ and guenther@.
ok deraadt@, tb@
|
#
1.23 |
|
21-Oct-2021 |
martijn |
Sync ober_oid_cmp with ax_oid_cmp from libagentx. This flips the returned signedness and adds the weight of 2 for parent-child relationship in both direction.
This makes ober_oid_cmp consistent with the rest of the *_cmp based functions.
OK tb@
|
Revision tags: OPENBSD_7_0_BASE
|
#
1.22 |
|
29-Aug-2021 |
martijn |
Add ober_dup. Needed for upcoming SNMPv3 support for trap receiver in snmpd(8).
OK jmatthew@ OK deraadt@ for bumping libutil now.
|
Revision tags: OPENBSD_6_9_BASE
|
#
1.21 |
|
22-Feb-2021 |
martijn |
Make the ober_get_* set of function to accept a NULL-pointer. This allows us to do ber-type checking inside ober_scanf_elements, which will allow for stricter ASN.1 parsing in the future.
Manpage feedback and OK claudio@, jmc@ OK claudio@
|
#
1.20 |
|
28-Jan-2021 |
martijn |
Add '$' to ober_scanf_elements(). This allows us to enforce end of sequence/set without having to manually check be_next for NULL.
No lib bump needed according to millert@ OK millert@ rob@
|
#
1.19 |
|
22-Jan-2021 |
rob |
Gracefully handle any erroneous closing bracket/brace trailers in ober_scanf_elements().
OK martijn@
|
#
1.18 |
|
22-Jan-2021 |
rob |
Valid integer and enumerated types always have non-zero length. Perform check to ensure we avoid a possible (undefined) negative shift. Found with clang static analyzer.
Tweaked and OK martijn@
|
Revision tags: OPENBSD_6_8_BASE
|
#
1.17 |
|
03-Sep-2020 |
martijn |
Missed one case of errno not being set in previous.
double check and OK tb@
|
#
1.16 |
|
03-Sep-2020 |
martijn |
Make sure ober_read_elements sets errno on every case where NULL is returned.
OK deraadt@ tb@
|
Revision tags: OPENBSD_6_7_BASE
|
#
1.15 |
|
24-Oct-2019 |
tb |
The ber_* namespace is used by liblber since time immemorial, so move our BER API to the unused ober_* prefix to avoid some breakage in ports.
Problem diagnosed by jmatthew with ber_free() in samba, but there are many others as pointed out by sthen.
tests & ok rob ok sthen (who had an almost identical diff for libutil) "go head hit it" deraadt
|
Revision tags: OPENBSD_6_6_BASE
|
#
1.14 |
|
15-Aug-2019 |
martijn |
branches: 1.14.2; Revert previous. There were some users of the quirky behaviour that were missed during code scan.
|
#
1.13 |
|
14-Aug-2019 |
martijn |
Make ber_scanf_elements's 'e' attribute eat the element. Right now all consumers use 'e' at the end of the list, so no regressions should be introduced.
OK claudio@ Seems sensible to deraadt@
|
#
1.12 |
|
14-Aug-2019 |
martijn |
Make sure that ber in ber_scanf_elements is not NULL before parsing format where ber is utilized. This also allows us to remove the ber->be_next check, which can cause weird behaviour, because a NULL be_next would result in parsing the last element twice.
OK claudio@ on previous version OK rob@
|
#
1.11 |
|
05-Aug-2019 |
martijn |
Don't use a 0 element to determine the end of an OID when comparing two OIDS. This can result in false equality matches.
OK claudio@
|
#
1.10 |
|
05-Aug-2019 |
martijn |
There's no reason why the first digit of an OID can't be 0.
OK claudio@ "Good find" deraadt@
|
#
1.9 |
|
01-Jun-2019 |
rob |
Limit maximum number of length octets to platform independent sizeof(int32_t).
Problem noticed by bluhm@. Discussed on hackers.
ok claudio@
|
#
1.8 |
|
21-May-2019 |
rob |
whitespace
|
#
1.7 |
|
16-May-2019 |
rob |
Add XXX to a comment.
|
#
1.6 |
|
12-May-2019 |
rob |
Enable support for the writting of BITSTRING by treating it as an OCTETSTRING.
ok claudio@
|
#
1.5 |
|
12-May-2019 |
rob |
Enforce smallest number of contents octets for int (and enum).
ok claudio@
|
#
1.4 |
|
12-May-2019 |
rob |
Fail early if a (universal) primitive type identifies as constructed, or if a boolean has a contents length other than 1.
ok claudio@
|
#
1.3 |
|
12-May-2019 |
rob |
Enforce minimal number of octets for tag > 30.
"sure" claudio@
|
#
1.2 |
|
12-May-2019 |
rob |
In long form encoding, explicitly prohibit an initial length octet of 0xff which is reserved for future use.
ok claudio@
|
#
1.1 |
|
11-May-2019 |
rob |
The BER API is currently used by ldap, ldapd, ldapctl, ypldap, snmpd, and snmpctl. Separate copies of ber.[ch] have existed and been maintained in sync in ldap, ldapd, ypldap and snmpd.
This commit moves the BER API into /usr/lib/libutil. All current consumers already link libutil. ldapd and snmpd regress passes, and release builds.
With help from tb@ and guenther@.
ok deraadt@, tb@
|
#
1.22 |
|
29-Aug-2021 |
martijn |
Add ober_dup. Needed for upcoming SNMPv3 support for trap receiver in snmpd(8).
OK jmatthew@ OK deraadt@ for bumping libutil now.
|
Revision tags: OPENBSD_6_9_BASE
|
#
1.21 |
|
22-Feb-2021 |
martijn |
Make the ober_get_* set of function to accept a NULL-pointer. This allows us to do ber-type checking inside ober_scanf_elements, which will allow for stricter ASN.1 parsing in the future.
Manpage feedback and OK claudio@, jmc@ OK claudio@
|
#
1.20 |
|
28-Jan-2021 |
martijn |
Add '$' to ober_scanf_elements(). This allows us to enforce end of sequence/set without having to manually check be_next for NULL.
No lib bump needed according to millert@ OK millert@ rob@
|
#
1.19 |
|
22-Jan-2021 |
rob |
Gracefully handle any erroneous closing bracket/brace trailers in ober_scanf_elements().
OK martijn@
|
#
1.18 |
|
22-Jan-2021 |
rob |
Valid integer and enumerated types always have non-zero length. Perform check to ensure we avoid a possible (undefined) negative shift. Found with clang static analyzer.
Tweaked and OK martijn@
|
Revision tags: OPENBSD_6_8_BASE
|
#
1.17 |
|
03-Sep-2020 |
martijn |
Missed one case of errno not being set in previous.
double check and OK tb@
|
#
1.16 |
|
03-Sep-2020 |
martijn |
Make sure ober_read_elements sets errno on every case where NULL is returned.
OK deraadt@ tb@
|
Revision tags: OPENBSD_6_7_BASE
|
#
1.15 |
|
24-Oct-2019 |
tb |
The ber_* namespace is used by liblber since time immemorial, so move our BER API to the unused ober_* prefix to avoid some breakage in ports.
Problem diagnosed by jmatthew with ber_free() in samba, but there are many others as pointed out by sthen.
tests & ok rob ok sthen (who had an almost identical diff for libutil) "go head hit it" deraadt
|
Revision tags: OPENBSD_6_6_BASE
|
#
1.14 |
|
15-Aug-2019 |
martijn |
branches: 1.14.2; Revert previous. There were some users of the quirky behaviour that were missed during code scan.
|
#
1.13 |
|
14-Aug-2019 |
martijn |
Make ber_scanf_elements's 'e' attribute eat the element. Right now all consumers use 'e' at the end of the list, so no regressions should be introduced.
OK claudio@ Seems sensible to deraadt@
|
#
1.12 |
|
14-Aug-2019 |
martijn |
Make sure that ber in ber_scanf_elements is not NULL before parsing format where ber is utilized. This also allows us to remove the ber->be_next check, which can cause weird behaviour, because a NULL be_next would result in parsing the last element twice.
OK claudio@ on previous version OK rob@
|
#
1.11 |
|
05-Aug-2019 |
martijn |
Don't use a 0 element to determine the end of an OID when comparing two OIDS. This can result in false equality matches.
OK claudio@
|
#
1.10 |
|
05-Aug-2019 |
martijn |
There's no reason why the first digit of an OID can't be 0.
OK claudio@ "Good find" deraadt@
|
#
1.9 |
|
01-Jun-2019 |
rob |
Limit maximum number of length octets to platform independent sizeof(int32_t).
Problem noticed by bluhm@. Discussed on hackers.
ok claudio@
|
#
1.8 |
|
21-May-2019 |
rob |
whitespace
|
#
1.7 |
|
16-May-2019 |
rob |
Add XXX to a comment.
|
#
1.6 |
|
12-May-2019 |
rob |
Enable support for the writting of BITSTRING by treating it as an OCTETSTRING.
ok claudio@
|
#
1.5 |
|
12-May-2019 |
rob |
Enforce smallest number of contents octets for int (and enum).
ok claudio@
|
#
1.4 |
|
12-May-2019 |
rob |
Fail early if a (universal) primitive type identifies as constructed, or if a boolean has a contents length other than 1.
ok claudio@
|
#
1.3 |
|
12-May-2019 |
rob |
Enforce minimal number of octets for tag > 30.
"sure" claudio@
|
#
1.2 |
|
12-May-2019 |
rob |
In long form encoding, explicitly prohibit an initial length octet of 0xff which is reserved for future use.
ok claudio@
|
#
1.1 |
|
11-May-2019 |
rob |
The BER API is currently used by ldap, ldapd, ldapctl, ypldap, snmpd, and snmpctl. Separate copies of ber.[ch] have existed and been maintained in sync in ldap, ldapd, ypldap and snmpd.
This commit moves the BER API into /usr/lib/libutil. All current consumers already link libutil. ldapd and snmpd regress passes, and release builds.
With help from tb@ and guenther@.
ok deraadt@, tb@
|
#
1.21 |
|
22-Feb-2021 |
martijn |
Make the ober_get_* set of function to accept a NULL-pointer. This allows us to do ber-type checking inside ober_scanf_elements, which will allow for stricter ASN.1 parsing in the future.
Manpage feedback and OK claudio@, jmc@ OK claudio@
|
#
1.20 |
|
28-Jan-2021 |
martijn |
Add '$' to ober_scanf_elements(). This allows us to enforce end of sequence/set without having to manually check be_next for NULL.
No lib bump needed according to millert@ OK millert@ rob@
|
#
1.19 |
|
22-Jan-2021 |
rob |
Gracefully handle any erroneous closing bracket/brace trailers in ober_scanf_elements().
OK martijn@
|
#
1.18 |
|
22-Jan-2021 |
rob |
Valid integer and enumerated types always have non-zero length. Perform check to ensure we avoid a possible (undefined) negative shift. Found with clang static analyzer.
Tweaked and OK martijn@
|
Revision tags: OPENBSD_6_8_BASE
|
#
1.17 |
|
03-Sep-2020 |
martijn |
Missed one case of errno not being set in previous.
double check and OK tb@
|
#
1.16 |
|
03-Sep-2020 |
martijn |
Make sure ober_read_elements sets errno on every case where NULL is returned.
OK deraadt@ tb@
|
Revision tags: OPENBSD_6_7_BASE
|
#
1.15 |
|
24-Oct-2019 |
tb |
The ber_* namespace is used by liblber since time immemorial, so move our BER API to the unused ober_* prefix to avoid some breakage in ports.
Problem diagnosed by jmatthew with ber_free() in samba, but there are many others as pointed out by sthen.
tests & ok rob ok sthen (who had an almost identical diff for libutil) "go head hit it" deraadt
|
Revision tags: OPENBSD_6_6_BASE
|
#
1.14 |
|
15-Aug-2019 |
martijn |
branches: 1.14.2; Revert previous. There were some users of the quirky behaviour that were missed during code scan.
|
#
1.13 |
|
14-Aug-2019 |
martijn |
Make ber_scanf_elements's 'e' attribute eat the element. Right now all consumers use 'e' at the end of the list, so no regressions should be introduced.
OK claudio@ Seems sensible to deraadt@
|
#
1.12 |
|
14-Aug-2019 |
martijn |
Make sure that ber in ber_scanf_elements is not NULL before parsing format where ber is utilized. This also allows us to remove the ber->be_next check, which can cause weird behaviour, because a NULL be_next would result in parsing the last element twice.
OK claudio@ on previous version OK rob@
|
#
1.11 |
|
05-Aug-2019 |
martijn |
Don't use a 0 element to determine the end of an OID when comparing two OIDS. This can result in false equality matches.
OK claudio@
|
#
1.10 |
|
05-Aug-2019 |
martijn |
There's no reason why the first digit of an OID can't be 0.
OK claudio@ "Good find" deraadt@
|
#
1.9 |
|
01-Jun-2019 |
rob |
Limit maximum number of length octets to platform independent sizeof(int32_t).
Problem noticed by bluhm@. Discussed on hackers.
ok claudio@
|
#
1.8 |
|
21-May-2019 |
rob |
whitespace
|
#
1.7 |
|
16-May-2019 |
rob |
Add XXX to a comment.
|
#
1.6 |
|
12-May-2019 |
rob |
Enable support for the writting of BITSTRING by treating it as an OCTETSTRING.
ok claudio@
|
#
1.5 |
|
12-May-2019 |
rob |
Enforce smallest number of contents octets for int (and enum).
ok claudio@
|
#
1.4 |
|
12-May-2019 |
rob |
Fail early if a (universal) primitive type identifies as constructed, or if a boolean has a contents length other than 1.
ok claudio@
|
#
1.3 |
|
12-May-2019 |
rob |
Enforce minimal number of octets for tag > 30.
"sure" claudio@
|
#
1.2 |
|
12-May-2019 |
rob |
In long form encoding, explicitly prohibit an initial length octet of 0xff which is reserved for future use.
ok claudio@
|
#
1.1 |
|
11-May-2019 |
rob |
The BER API is currently used by ldap, ldapd, ldapctl, ypldap, snmpd, and snmpctl. Separate copies of ber.[ch] have existed and been maintained in sync in ldap, ldapd, ypldap and snmpd.
This commit moves the BER API into /usr/lib/libutil. All current consumers already link libutil. ldapd and snmpd regress passes, and release builds.
With help from tb@ and guenther@.
ok deraadt@, tb@
|
#
1.20 |
|
28-Jan-2021 |
martijn |
Add '$' to ober_scanf_elements(). This allows us to enforce end of sequence/set without having to manually check be_next for NULL.
No lib bump needed according to millert@ OK millert@ rob@
|
#
1.19 |
|
22-Jan-2021 |
rob |
Gracefully handle any erroneous closing bracket/brace trailers in ober_scanf_elements().
OK martijn@
|
#
1.18 |
|
22-Jan-2021 |
rob |
Valid integer and enumerated types always have non-zero length. Perform check to ensure we avoid a possible (undefined) negative shift. Found with clang static analyzer.
Tweaked and OK martijn@
|
Revision tags: OPENBSD_6_8_BASE
|
#
1.17 |
|
03-Sep-2020 |
martijn |
Missed one case of errno not being set in previous.
double check and OK tb@
|
#
1.16 |
|
03-Sep-2020 |
martijn |
Make sure ober_read_elements sets errno on every case where NULL is returned.
OK deraadt@ tb@
|
Revision tags: OPENBSD_6_7_BASE
|
#
1.15 |
|
24-Oct-2019 |
tb |
The ber_* namespace is used by liblber since time immemorial, so move our BER API to the unused ober_* prefix to avoid some breakage in ports.
Problem diagnosed by jmatthew with ber_free() in samba, but there are many others as pointed out by sthen.
tests & ok rob ok sthen (who had an almost identical diff for libutil) "go head hit it" deraadt
|
Revision tags: OPENBSD_6_6_BASE
|
#
1.14 |
|
15-Aug-2019 |
martijn |
branches: 1.14.2; Revert previous. There were some users of the quirky behaviour that were missed during code scan.
|
#
1.13 |
|
14-Aug-2019 |
martijn |
Make ber_scanf_elements's 'e' attribute eat the element. Right now all consumers use 'e' at the end of the list, so no regressions should be introduced.
OK claudio@ Seems sensible to deraadt@
|
#
1.12 |
|
14-Aug-2019 |
martijn |
Make sure that ber in ber_scanf_elements is not NULL before parsing format where ber is utilized. This also allows us to remove the ber->be_next check, which can cause weird behaviour, because a NULL be_next would result in parsing the last element twice.
OK claudio@ on previous version OK rob@
|
#
1.11 |
|
05-Aug-2019 |
martijn |
Don't use a 0 element to determine the end of an OID when comparing two OIDS. This can result in false equality matches.
OK claudio@
|
#
1.10 |
|
05-Aug-2019 |
martijn |
There's no reason why the first digit of an OID can't be 0.
OK claudio@ "Good find" deraadt@
|
#
1.9 |
|
01-Jun-2019 |
rob |
Limit maximum number of length octets to platform independent sizeof(int32_t).
Problem noticed by bluhm@. Discussed on hackers.
ok claudio@
|
#
1.8 |
|
21-May-2019 |
rob |
whitespace
|
#
1.7 |
|
16-May-2019 |
rob |
Add XXX to a comment.
|
#
1.6 |
|
12-May-2019 |
rob |
Enable support for the writting of BITSTRING by treating it as an OCTETSTRING.
ok claudio@
|
#
1.5 |
|
12-May-2019 |
rob |
Enforce smallest number of contents octets for int (and enum).
ok claudio@
|
#
1.4 |
|
12-May-2019 |
rob |
Fail early if a (universal) primitive type identifies as constructed, or if a boolean has a contents length other than 1.
ok claudio@
|
#
1.3 |
|
12-May-2019 |
rob |
Enforce minimal number of octets for tag > 30.
"sure" claudio@
|
#
1.2 |
|
12-May-2019 |
rob |
In long form encoding, explicitly prohibit an initial length octet of 0xff which is reserved for future use.
ok claudio@
|
#
1.1 |
|
11-May-2019 |
rob |
The BER API is currently used by ldap, ldapd, ldapctl, ypldap, snmpd, and snmpctl. Separate copies of ber.[ch] have existed and been maintained in sync in ldap, ldapd, ypldap and snmpd.
This commit moves the BER API into /usr/lib/libutil. All current consumers already link libutil. ldapd and snmpd regress passes, and release builds.
With help from tb@ and guenther@.
ok deraadt@, tb@
|
#
1.19 |
|
22-Jan-2021 |
rob |
Gracefully handle any erroneous closing bracket/brace trailers in ober_scanf_elements().
OK martijn@
|
#
1.18 |
|
22-Jan-2021 |
rob |
Valid integer and enumerated types always have non-zero length. Perform check to ensure we avoid a possible (undefined) negative shift. Found with clang static analyzer.
Tweaked and OK martijn@
|
Revision tags: OPENBSD_6_8_BASE
|
#
1.17 |
|
03-Sep-2020 |
martijn |
Missed one case of errno not being set in previous.
double check and OK tb@
|
#
1.16 |
|
03-Sep-2020 |
martijn |
Make sure ober_read_elements sets errno on every case where NULL is returned.
OK deraadt@ tb@
|
Revision tags: OPENBSD_6_7_BASE
|
#
1.15 |
|
24-Oct-2019 |
tb |
The ber_* namespace is used by liblber since time immemorial, so move our BER API to the unused ober_* prefix to avoid some breakage in ports.
Problem diagnosed by jmatthew with ber_free() in samba, but there are many others as pointed out by sthen.
tests & ok rob ok sthen (who had an almost identical diff for libutil) "go head hit it" deraadt
|
Revision tags: OPENBSD_6_6_BASE
|
#
1.14 |
|
15-Aug-2019 |
martijn |
branches: 1.14.2; Revert previous. There were some users of the quirky behaviour that were missed during code scan.
|
#
1.13 |
|
14-Aug-2019 |
martijn |
Make ber_scanf_elements's 'e' attribute eat the element. Right now all consumers use 'e' at the end of the list, so no regressions should be introduced.
OK claudio@ Seems sensible to deraadt@
|
#
1.12 |
|
14-Aug-2019 |
martijn |
Make sure that ber in ber_scanf_elements is not NULL before parsing format where ber is utilized. This also allows us to remove the ber->be_next check, which can cause weird behaviour, because a NULL be_next would result in parsing the last element twice.
OK claudio@ on previous version OK rob@
|
#
1.11 |
|
05-Aug-2019 |
martijn |
Don't use a 0 element to determine the end of an OID when comparing two OIDS. This can result in false equality matches.
OK claudio@
|
#
1.10 |
|
05-Aug-2019 |
martijn |
There's no reason why the first digit of an OID can't be 0.
OK claudio@ "Good find" deraadt@
|
#
1.9 |
|
01-Jun-2019 |
rob |
Limit maximum number of length octets to platform independent sizeof(int32_t).
Problem noticed by bluhm@. Discussed on hackers.
ok claudio@
|
#
1.8 |
|
21-May-2019 |
rob |
whitespace
|
#
1.7 |
|
16-May-2019 |
rob |
Add XXX to a comment.
|
#
1.6 |
|
12-May-2019 |
rob |
Enable support for the writting of BITSTRING by treating it as an OCTETSTRING.
ok claudio@
|
#
1.5 |
|
12-May-2019 |
rob |
Enforce smallest number of contents octets for int (and enum).
ok claudio@
|
#
1.4 |
|
12-May-2019 |
rob |
Fail early if a (universal) primitive type identifies as constructed, or if a boolean has a contents length other than 1.
ok claudio@
|
#
1.3 |
|
12-May-2019 |
rob |
Enforce minimal number of octets for tag > 30.
"sure" claudio@
|
#
1.2 |
|
12-May-2019 |
rob |
In long form encoding, explicitly prohibit an initial length octet of 0xff which is reserved for future use.
ok claudio@
|
#
1.1 |
|
11-May-2019 |
rob |
The BER API is currently used by ldap, ldapd, ldapctl, ypldap, snmpd, and snmpctl. Separate copies of ber.[ch] have existed and been maintained in sync in ldap, ldapd, ypldap and snmpd.
This commit moves the BER API into /usr/lib/libutil. All current consumers already link libutil. ldapd and snmpd regress passes, and release builds.
With help from tb@ and guenther@.
ok deraadt@, tb@
|
#
1.18 |
|
22-Jan-2021 |
rob |
Valid integer and enumerated types always have non-zero length. Perform check to ensure we avoid a possible (undefined) negative shift. Found with clang static analyzer.
Tweaked and OK martijn@
|
Revision tags: OPENBSD_6_8_BASE
|
#
1.17 |
|
03-Sep-2020 |
martijn |
Missed one case of errno not being set in previous.
double check and OK tb@
|
#
1.16 |
|
03-Sep-2020 |
martijn |
Make sure ober_read_elements sets errno on every case where NULL is returned.
OK deraadt@ tb@
|
Revision tags: OPENBSD_6_7_BASE
|
#
1.15 |
|
24-Oct-2019 |
tb |
The ber_* namespace is used by liblber since time immemorial, so move our BER API to the unused ober_* prefix to avoid some breakage in ports.
Problem diagnosed by jmatthew with ber_free() in samba, but there are many others as pointed out by sthen.
tests & ok rob ok sthen (who had an almost identical diff for libutil) "go head hit it" deraadt
|
Revision tags: OPENBSD_6_6_BASE
|
#
1.14 |
|
15-Aug-2019 |
martijn |
branches: 1.14.2; Revert previous. There were some users of the quirky behaviour that were missed during code scan.
|
#
1.13 |
|
14-Aug-2019 |
martijn |
Make ber_scanf_elements's 'e' attribute eat the element. Right now all consumers use 'e' at the end of the list, so no regressions should be introduced.
OK claudio@ Seems sensible to deraadt@
|
#
1.12 |
|
14-Aug-2019 |
martijn |
Make sure that ber in ber_scanf_elements is not NULL before parsing format where ber is utilized. This also allows us to remove the ber->be_next check, which can cause weird behaviour, because a NULL be_next would result in parsing the last element twice.
OK claudio@ on previous version OK rob@
|
#
1.11 |
|
05-Aug-2019 |
martijn |
Don't use a 0 element to determine the end of an OID when comparing two OIDS. This can result in false equality matches.
OK claudio@
|
#
1.10 |
|
05-Aug-2019 |
martijn |
There's no reason why the first digit of an OID can't be 0.
OK claudio@ "Good find" deraadt@
|
#
1.9 |
|
01-Jun-2019 |
rob |
Limit maximum number of length octets to platform independent sizeof(int32_t).
Problem noticed by bluhm@. Discussed on hackers.
ok claudio@
|
#
1.8 |
|
21-May-2019 |
rob |
whitespace
|
#
1.7 |
|
16-May-2019 |
rob |
Add XXX to a comment.
|
#
1.6 |
|
12-May-2019 |
rob |
Enable support for the writting of BITSTRING by treating it as an OCTETSTRING.
ok claudio@
|
#
1.5 |
|
12-May-2019 |
rob |
Enforce smallest number of contents octets for int (and enum).
ok claudio@
|
#
1.4 |
|
12-May-2019 |
rob |
Fail early if a (universal) primitive type identifies as constructed, or if a boolean has a contents length other than 1.
ok claudio@
|
#
1.3 |
|
12-May-2019 |
rob |
Enforce minimal number of octets for tag > 30.
"sure" claudio@
|
#
1.2 |
|
12-May-2019 |
rob |
In long form encoding, explicitly prohibit an initial length octet of 0xff which is reserved for future use.
ok claudio@
|
#
1.1 |
|
11-May-2019 |
rob |
The BER API is currently used by ldap, ldapd, ldapctl, ypldap, snmpd, and snmpctl. Separate copies of ber.[ch] have existed and been maintained in sync in ldap, ldapd, ypldap and snmpd.
This commit moves the BER API into /usr/lib/libutil. All current consumers already link libutil. ldapd and snmpd regress passes, and release builds.
With help from tb@ and guenther@.
ok deraadt@, tb@
|
#
1.17 |
|
03-Sep-2020 |
martijn |
Missed one case of errno not being set in previous.
double check and OK tb@
|
#
1.16 |
|
03-Sep-2020 |
martijn |
Make sure ober_read_elements sets errno on every case where NULL is returned.
OK deraadt@ tb@
|
Revision tags: OPENBSD_6_7_BASE
|
#
1.15 |
|
24-Oct-2019 |
tb |
The ber_* namespace is used by liblber since time immemorial, so move our BER API to the unused ober_* prefix to avoid some breakage in ports.
Problem diagnosed by jmatthew with ber_free() in samba, but there are many others as pointed out by sthen.
tests & ok rob ok sthen (who had an almost identical diff for libutil) "go head hit it" deraadt
|
Revision tags: OPENBSD_6_6_BASE
|
#
1.14 |
|
15-Aug-2019 |
martijn |
branches: 1.14.2; Revert previous. There were some users of the quirky behaviour that were missed during code scan.
|
#
1.13 |
|
14-Aug-2019 |
martijn |
Make ber_scanf_elements's 'e' attribute eat the element. Right now all consumers use 'e' at the end of the list, so no regressions should be introduced.
OK claudio@ Seems sensible to deraadt@
|
#
1.12 |
|
14-Aug-2019 |
martijn |
Make sure that ber in ber_scanf_elements is not NULL before parsing format where ber is utilized. This also allows us to remove the ber->be_next check, which can cause weird behaviour, because a NULL be_next would result in parsing the last element twice.
OK claudio@ on previous version OK rob@
|
#
1.11 |
|
05-Aug-2019 |
martijn |
Don't use a 0 element to determine the end of an OID when comparing two OIDS. This can result in false equality matches.
OK claudio@
|
#
1.10 |
|
05-Aug-2019 |
martijn |
There's no reason why the first digit of an OID can't be 0.
OK claudio@ "Good find" deraadt@
|
#
1.9 |
|
01-Jun-2019 |
rob |
Limit maximum number of length octets to platform independent sizeof(int32_t).
Problem noticed by bluhm@. Discussed on hackers.
ok claudio@
|
#
1.8 |
|
21-May-2019 |
rob |
whitespace
|
#
1.7 |
|
16-May-2019 |
rob |
Add XXX to a comment.
|
#
1.6 |
|
12-May-2019 |
rob |
Enable support for the writting of BITSTRING by treating it as an OCTETSTRING.
ok claudio@
|
#
1.5 |
|
12-May-2019 |
rob |
Enforce smallest number of contents octets for int (and enum).
ok claudio@
|
#
1.4 |
|
12-May-2019 |
rob |
Fail early if a (universal) primitive type identifies as constructed, or if a boolean has a contents length other than 1.
ok claudio@
|
#
1.3 |
|
12-May-2019 |
rob |
Enforce minimal number of octets for tag > 30.
"sure" claudio@
|
#
1.2 |
|
12-May-2019 |
rob |
In long form encoding, explicitly prohibit an initial length octet of 0xff which is reserved for future use.
ok claudio@
|
#
1.1 |
|
11-May-2019 |
rob |
The BER API is currently used by ldap, ldapd, ldapctl, ypldap, snmpd, and snmpctl. Separate copies of ber.[ch] have existed and been maintained in sync in ldap, ldapd, ypldap and snmpd.
This commit moves the BER API into /usr/lib/libutil. All current consumers already link libutil. ldapd and snmpd regress passes, and release builds.
With help from tb@ and guenther@.
ok deraadt@, tb@
|
#
1.15 |
|
24-Oct-2019 |
tb |
The ber_* namespace is used by liblber since time immemorial, so move our BER API to the unused ober_* prefix to avoid some breakage in ports.
Problem diagnosed by jmatthew with ber_free() in samba, but there are many others as pointed out by sthen.
tests & ok rob ok sthen (who had an almost identical diff for libutil) "go head hit it" deraadt
|
Revision tags: OPENBSD_6_6_BASE
|
#
1.14 |
|
15-Aug-2019 |
martijn |
Revert previous. There were some users of the quirky behaviour that were missed during code scan.
|
#
1.13 |
|
14-Aug-2019 |
martijn |
Make ber_scanf_elements's 'e' attribute eat the element. Right now all consumers use 'e' at the end of the list, so no regressions should be introduced.
OK claudio@ Seems sensible to deraadt@
|
#
1.12 |
|
14-Aug-2019 |
martijn |
Make sure that ber in ber_scanf_elements is not NULL before parsing format where ber is utilized. This also allows us to remove the ber->be_next check, which can cause weird behaviour, because a NULL be_next would result in parsing the last element twice.
OK claudio@ on previous version OK rob@
|
#
1.11 |
|
05-Aug-2019 |
martijn |
Don't use a 0 element to determine the end of an OID when comparing two OIDS. This can result in false equality matches.
OK claudio@
|
#
1.10 |
|
05-Aug-2019 |
martijn |
There's no reason why the first digit of an OID can't be 0.
OK claudio@ "Good find" deraadt@
|
#
1.9 |
|
01-Jun-2019 |
rob |
Limit maximum number of length octets to platform independent sizeof(int32_t).
Problem noticed by bluhm@. Discussed on hackers.
ok claudio@
|
#
1.8 |
|
21-May-2019 |
rob |
whitespace
|
#
1.7 |
|
16-May-2019 |
rob |
Add XXX to a comment.
|
#
1.6 |
|
12-May-2019 |
rob |
Enable support for the writting of BITSTRING by treating it as an OCTETSTRING.
ok claudio@
|
#
1.5 |
|
12-May-2019 |
rob |
Enforce smallest number of contents octets for int (and enum).
ok claudio@
|
#
1.4 |
|
12-May-2019 |
rob |
Fail early if a (universal) primitive type identifies as constructed, or if a boolean has a contents length other than 1.
ok claudio@
|
#
1.3 |
|
12-May-2019 |
rob |
Enforce minimal number of octets for tag > 30.
"sure" claudio@
|
#
1.2 |
|
12-May-2019 |
rob |
In long form encoding, explicitly prohibit an initial length octet of 0xff which is reserved for future use.
ok claudio@
|
#
1.1 |
|
11-May-2019 |
rob |
The BER API is currently used by ldap, ldapd, ldapctl, ypldap, snmpd, and snmpctl. Separate copies of ber.[ch] have existed and been maintained in sync in ldap, ldapd, ypldap and snmpd.
This commit moves the BER API into /usr/lib/libutil. All current consumers already link libutil. ldapd and snmpd regress passes, and release builds.
With help from tb@ and guenther@.
ok deraadt@, tb@
|
#
1.14 |
|
15-Aug-2019 |
martijn |
Revert previous. There were some users of the quirky behaviour that were missed during code scan.
|
#
1.13 |
|
14-Aug-2019 |
martijn |
Make ber_scanf_elements's 'e' attribute eat the element. Right now all consumers use 'e' at the end of the list, so no regressions should be introduced.
OK claudio@ Seems sensible to deraadt@
|
#
1.12 |
|
14-Aug-2019 |
martijn |
Make sure that ber in ber_scanf_elements is not NULL before parsing format where ber is utilized. This also allows us to remove the ber->be_next check, which can cause weird behaviour, because a NULL be_next would result in parsing the last element twice.
OK claudio@ on previous version OK rob@
|
#
1.11 |
|
05-Aug-2019 |
martijn |
Don't use a 0 element to determine the end of an OID when comparing two OIDS. This can result in false equality matches.
OK claudio@
|
#
1.10 |
|
05-Aug-2019 |
martijn |
There's no reason why the first digit of an OID can't be 0.
OK claudio@ "Good find" deraadt@
|
#
1.9 |
|
01-Jun-2019 |
rob |
Limit maximum number of length octets to platform independent sizeof(int32_t).
Problem noticed by bluhm@. Discussed on hackers.
ok claudio@
|
#
1.8 |
|
21-May-2019 |
rob |
whitespace
|
#
1.7 |
|
16-May-2019 |
rob |
Add XXX to a comment.
|
#
1.6 |
|
12-May-2019 |
rob |
Enable support for the writting of BITSTRING by treating it as an OCTETSTRING.
ok claudio@
|
#
1.5 |
|
12-May-2019 |
rob |
Enforce smallest number of contents octets for int (and enum).
ok claudio@
|
#
1.4 |
|
12-May-2019 |
rob |
Fail early if a (universal) primitive type identifies as constructed, or if a boolean has a contents length other than 1.
ok claudio@
|
#
1.3 |
|
12-May-2019 |
rob |
Enforce minimal number of octets for tag > 30.
"sure" claudio@
|
#
1.2 |
|
12-May-2019 |
rob |
In long form encoding, explicitly prohibit an initial length octet of 0xff which is reserved for future use.
ok claudio@
|
#
1.1 |
|
11-May-2019 |
rob |
The BER API is currently used by ldap, ldapd, ldapctl, ypldap, snmpd, and snmpctl. Separate copies of ber.[ch] have existed and been maintained in sync in ldap, ldapd, ypldap and snmpd.
This commit moves the BER API into /usr/lib/libutil. All current consumers already link libutil. ldapd and snmpd regress passes, and release builds.
With help from tb@ and guenther@.
ok deraadt@, tb@
|
#
1.9 |
|
01-Jun-2019 |
rob |
Limit maximum number of length octets to platform independent sizeof(int32_t).
Problem noticed by bluhm@. Discussed on hackers.
ok claudio@
|
#
1.8 |
|
21-May-2019 |
rob |
whitespace
|
#
1.7 |
|
16-May-2019 |
rob |
Add XXX to a comment.
|
#
1.6 |
|
12-May-2019 |
rob |
Enable support for the writting of BITSTRING by treating it as an OCTETSTRING.
ok claudio@
|
#
1.5 |
|
12-May-2019 |
rob |
Enforce smallest number of contents octets for int (and enum).
ok claudio@
|
#
1.4 |
|
12-May-2019 |
rob |
Fail early if a (universal) primitive type identifies as constructed, or if a boolean has a contents length other than 1.
ok claudio@
|
#
1.3 |
|
12-May-2019 |
rob |
Enforce minimal number of octets for tag > 30.
"sure" claudio@
|
#
1.2 |
|
12-May-2019 |
rob |
In long form encoding, explicitly prohibit an initial length octet of 0xff which is reserved for future use.
ok claudio@
|
#
1.1 |
|
11-May-2019 |
rob |
The BER API is currently used by ldap, ldapd, ldapctl, ypldap, snmpd, and snmpctl. Separate copies of ber.[ch] have existed and been maintained in sync in ldap, ldapd, ypldap and snmpd.
This commit moves the BER API into /usr/lib/libutil. All current consumers already link libutil. ldapd and snmpd regress passes, and release builds.
With help from tb@ and guenther@.
ok deraadt@, tb@
|
#
1.8 |
|
21-May-2019 |
rob |
whitespace
|
#
1.7 |
|
16-May-2019 |
rob |
Add XXX to a comment.
|
#
1.6 |
|
12-May-2019 |
rob |
Enable support for the writting of BITSTRING by treating it as an OCTETSTRING.
ok claudio@
|
#
1.5 |
|
12-May-2019 |
rob |
Enforce smallest number of contents octets for int (and enum).
ok claudio@
|
#
1.4 |
|
12-May-2019 |
rob |
Fail early if a (universal) primitive type identifies as constructed, or if a boolean has a contents length other than 1.
ok claudio@
|
#
1.3 |
|
12-May-2019 |
rob |
Enforce minimal number of octets for tag > 30.
"sure" claudio@
|
#
1.2 |
|
12-May-2019 |
rob |
In long form encoding, explicitly prohibit an initial length octet of 0xff which is reserved for future use.
ok claudio@
|
#
1.1 |
|
11-May-2019 |
rob |
The BER API is currently used by ldap, ldapd, ldapctl, ypldap, snmpd, and snmpctl. Separate copies of ber.[ch] have existed and been maintained in sync in ldap, ldapd, ypldap and snmpd.
This commit moves the BER API into /usr/lib/libutil. All current consumers already link libutil. ldapd and snmpd regress passes, and release builds.
With help from tb@ and guenther@.
ok deraadt@, tb@
|
#
1.7 |
|
16-May-2019 |
rob |
Add XXX to a comment.
|
#
1.6 |
|
12-May-2019 |
rob |
Enable support for the writting of BITSTRING by treating it as an OCTETSTRING.
ok claudio@
|
#
1.5 |
|
12-May-2019 |
rob |
Enforce smallest number of contents octets for int (and enum).
ok claudio@
|
#
1.4 |
|
12-May-2019 |
rob |
Fail early if a (universal) primitive type identifies as constructed, or if a boolean has a contents length other than 1.
ok claudio@
|
#
1.3 |
|
12-May-2019 |
rob |
Enforce minimal number of octets for tag > 30.
"sure" claudio@
|
#
1.2 |
|
12-May-2019 |
rob |
In long form encoding, explicitly prohibit an initial length octet of 0xff which is reserved for future use.
ok claudio@
|
#
1.1 |
|
11-May-2019 |
rob |
The BER API is currently used by ldap, ldapd, ldapctl, ypldap, snmpd, and snmpctl. Separate copies of ber.[ch] have existed and been maintained in sync in ldap, ldapd, ypldap and snmpd.
This commit moves the BER API into /usr/lib/libutil. All current consumers already link libutil. ldapd and snmpd regress passes, and release builds.
With help from tb@ and guenther@.
ok deraadt@, tb@
|
#
1.6 |
|
12-May-2019 |
rob |
Enable support for the writting of BITSTRING by treating it as an OCTETSTRING.
ok claudio@
|
#
1.5 |
|
12-May-2019 |
rob |
Enforce smallest number of contents octets for int (and enum).
ok claudio@
|
#
1.4 |
|
12-May-2019 |
rob |
Fail early if a (universal) primitive type identifies as constructed, or if a boolean has a contents length other than 1.
ok claudio@
|
#
1.3 |
|
12-May-2019 |
rob |
Enforce minimal number of octets for tag > 30.
"sure" claudio@
|
#
1.2 |
|
12-May-2019 |
rob |
In long form encoding, explicitly prohibit an initial length octet of 0xff which is reserved for future use.
ok claudio@
|
#
1.1 |
|
11-May-2019 |
rob |
The BER API is currently used by ldap, ldapd, ldapctl, ypldap, snmpd, and snmpctl. Separate copies of ber.[ch] have existed and been maintained in sync in ldap, ldapd, ypldap and snmpd.
This commit moves the BER API into /usr/lib/libutil. All current consumers already link libutil. ldapd and snmpd regress passes, and release builds.
With help from tb@ and guenther@.
ok deraadt@, tb@
|
#
1.1 |
|
11-May-2019 |
rob |
The BER API is currently used by ldap, ldapd, ldapctl, ypldap, snmpd, and snmpctl. Separate copies of ber.[ch] have existed and been maintained in sync in ldap, ldapd, ypldap and snmpd.
This commit moves the BER API into /usr/lib/libutil. All current consumers already link libutil. ldapd and snmpd regress passes, and release builds.
With help from tb@ and guenther@.
ok deraadt@, tb@
|