)]}' { "commit": "866cccc5484c94a51f01132677ad2c7f72a9f077", "tree": "243f85ef034d3b69ebed6d6f3a14205e72c2d357", "parents": [ "c9b75aff28a9dac52bc92987f7c4288fbf17dc33" ], "author": { "name": "David Benjamin", "email": "davidben@google.com", "time": "Tue Aug 10 01:35:51 2021 -0400" }, "committer": { "name": "Boringssl LUCI CQ", "email": "boringssl-scoped@luci-project-accounts.iam.gserviceaccount.com", "time": "Thu Sep 09 20:08:14 2021 +0000" }, "message": "Reject missing required fields in i2d functions.\n\nSee also 006906cddda37e24a66443199444ef4476697477 from OpenSSL, though\nthis CL uses a different strategy from upstream. Upstream makes\nASN1_item_ex_i2d continue to allow optionals and checks afterwards at\nevery non-optional call site. This CL pushes down an optional parameter\nand says functions cannot omit items unless explicitly allowed.\n\nI think this is a better default, though it is a larger change. Fields\nare only optional when they come from an ASN1_TEMPLATE with the OPTIONAL\nflag. Upstream\u0027s strategy misses top-level calls.\n\nThis CL additionally adds checks for optional ASN1_TEMPLATEs in contexts\nwhere it doesn\u0027t make sense. Only fields of SEQUENCEs and SETs may be\nOPTIONAL, but the ASN1_ITEM/ASN1_TEMPLATE split doesn\u0027t quite match\nASN.1 itself. ASN1_TEMPLATE is additionally responsible for\nexplicit/implicit tagging, and SEQUENCE/SET OF. That means CHOICE arms\nand the occasional top-level type (ASN1_ITEM_TEMPLATE) use ASN1_TEMPLATE\nbut will get confused if marked optional.\n\nAs part of this, i2d_FOO(NULL) now returns -1 rather than \"successfully\"\nwriting 0 bytes. If we want to allow NULL at the top-level, that\u0027s not\ntoo hard to arrange, but our CBB-based i2d functions do not.\n\nUpdate-Note: Structures with missing mandatory fields can no longer be\nencoded. Note that, apart from the cases already handled by preceding\nCLs, tasn_new.c will fill in non-NULL empty objects everywhere. The main\ndownstream impact I\u0027ve seen of this particular change is in combination\nwith other bugs. Consider a caller that does:\n\n GENERAL_NAME *name \u003d GENERAL_NAME_new();\n name-\u003etype \u003d GEN_DNS;\n name-\u003ed.dNSName \u003d DoSomethingComplicated(...);\n\nSuppose DoSomethingComplicated() was actually fallible and returned\nNULL, but the caller forgot to check. They\u0027d now construct a\nGENERAL_NAME with a missing field. Previously, this would silently\nserialize some garbage (omitted field) or empty string. Now we fail to\nencode, but the true error was the uncaught DoSomethingComplicated()\nfailure. (Which likely was itself a bug.)\n\nBug: 429\nChange-Id: I37fe618761be64a619be9fdc8d416f24ecbb8c46\nReviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/49350\nCommit-Queue: David Benjamin \u003cdavidben@google.com\u003e\nReviewed-by: Adam Langley \u003cagl@google.com\u003e\n", "tree_diff": [ { "type": "modify", "old_id": "6de1483eb3eee5769fe96c04af48d83ec476b338", "old_mode": 33188, "old_path": ".clang-format", "new_id": "8f9cb6c5226851c06f69b659b9be5e76acedd063", "new_mode": 33188, "new_path": ".clang-format" }, { "type": "modify", "old_id": "91ebb7a83de2b71ebf851017acb6f54c9b2c9d11", "old_mode": 33188, "old_path": "crypto/asn1/a_object.c", "new_id": "b88f06b82a2b3866fd0286ae6934055b7680e842", "new_mode": 33188, "new_path": "crypto/asn1/a_object.c" }, { "type": "modify", "old_id": "5cd17af912b8a0ef7e91fca50200d7f457621783", "old_mode": 33188, "old_path": "crypto/asn1/asn1_test.cc", "new_id": "9119deab2298173c9ab2bb4c693299aa425d7b78", "new_mode": 33188, "new_path": "crypto/asn1/asn1_test.cc" }, { "type": "modify", "old_id": "b995ede9743e84fd24cc8f439821cebfc3e70bc6", "old_mode": 33188, "old_path": "crypto/asn1/internal.h", "new_id": "e30be16944aae03ea20f0ac2bf2a22a5ca84f0e1", "new_mode": 33188, "new_path": "crypto/asn1/internal.h" }, { "type": "modify", "old_id": "7e79da2aa7985e81ceac8f0dbfcab523b5a83168", "old_mode": 33188, "old_path": "crypto/asn1/tasn_enc.c", "new_id": "6dddb52700227e8938cdd95f1c1ce217afe64827", "new_mode": 33188, "new_path": "crypto/asn1/tasn_enc.c" }, { "type": "modify", "old_id": "38cceb14dff8566203f6444edab1a7494036e1fb", "old_mode": 33188, "old_path": "crypto/x509/x_x509.c", "new_id": "9d350bdb3eb11776e55a73e6893e7ffa2985e0ba", "new_mode": 33188, "new_path": "crypto/x509/x_x509.c" } ] }