Reject reserved values and indefinite lengths
RFC 8949 defines additional information values 28, 29, 30 and 31 as
either reserved or indicating indefinite length values. Reject all of
these.
Test: cppbor_host_test_external
Change-Id: Ic9ae7630c8f75d060e4199d375c1f696699a4f66
diff --git a/src/cppbor_parse.cpp b/src/cppbor_parse.cpp
index 5cf76b2..fcf0dac 100644
--- a/src/cppbor_parse.cpp
+++ b/src/cppbor_parse.cpp
@@ -202,8 +202,13 @@
bool success = true;
uint64_t addlData;
- if (tagInt < ONE_BYTE_LENGTH || tagInt > EIGHT_BYTE_LENGTH) {
+ if (tagInt < ONE_BYTE_LENGTH) {
addlData = tagInt;
+ } else if (tagInt > EIGHT_BYTE_LENGTH) {
+ parseClient->error(
+ begin,
+ "Reserved additional information value or unsupported indefinite length item.");
+ return {begin, nullptr};
} else {
switch (tagInt) {
case ONE_BYTE_LENGTH:
diff --git a/tests/cppbor_test.cpp b/tests/cppbor_test.cpp
index 8a81e4e..ef98519 100644
--- a/tests/cppbor_test.cpp
+++ b/tests/cppbor_test.cpp
@@ -1714,6 +1714,26 @@
EXPECT_THAT(item, MatchesItem(val));
}
+TEST(FullParserTest, ReservedAdditionalInformation) {
+ vector<uint8_t> reservedVal = {0x1D};
+
+ auto [item, pos, message] = parse(reservedVal);
+ EXPECT_THAT(item, IsNull());
+ EXPECT_EQ(pos, reservedVal.data());
+ EXPECT_EQ("Reserved additional information value or unsupported indefinite length item.",
+ message);
+}
+
+TEST(FullParserTest, IndefiniteArray) {
+ vector<uint8_t> indefiniteArray = {0x7F};
+
+ auto [item, pos, message] = parse(indefiniteArray);
+ EXPECT_THAT(item, IsNull());
+ EXPECT_EQ(pos, indefiniteArray.data());
+ EXPECT_EQ("Reserved additional information value or unsupported indefinite length item.",
+ message);
+}
+
TEST(MapGetValueByKeyTest, Map) {
Array compoundItem(1, 2, 3, 4, 5, Map(4, 5, "a", "b"));
auto clone = compoundItem.clone();