--- /dev/null
+/*
+ * Attempt to decode either one file, or every file in cwd,
+ * as a cert. Used to study vulnerability to NISCC cert DOS attacks.
+ */
+#include <Security/SecAsn1Coder.h>
+#include <Security/X509Templates.h>
+#include <security_cdsa_utils/cuFileIo.h>
+#include <sys/types.h>
+#include <dirent.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <strings.h>
+
+static void usage(char **argv)
+{
+ printf("usage: %s [-l(oop))] [certFile]\n", argv[0]);
+ exit(1);
+}
+
+/*
+ * Known file names to NOT parse
+ */
+static const char *skipTheseFiles[] =
+{
+ /* standard entries */
+ ".",
+ "..",
+ "CVS",
+ ".cvsignore",
+ /* the certs we know crash */
+ #if 0
+ "00000668",
+ "00000681",
+ "00001980",
+ "00002040",
+ "00002892",
+ "00007472",
+ "00008064",
+ "00008656",
+ "00009840",
+ "00010432",
+ "00011614", // trouble somewhere in this neighborhood
+ "00011615",
+ "00011616",
+ #endif
+ NULL
+};
+
+/* returns false if specified fileName is in skipTheseFiles[] */
+static bool shouldWeParse(
+ const char *fileName) // C string
+{
+ for(const char **stf=skipTheseFiles; *stf!=NULL; stf++) {
+ const char *tf = *stf;
+ if(!strcmp(fileName, *stf)) {
+ return false;
+ }
+ }
+ return true;
+}
+
+/*
+ * Just try to decode - if SecAsn1Decode returns, good 'nuff.
+ * Returns true if it does (i.e. ignore decode error; we're trying
+ * to detect a crash when the decoder should return an error).
+ */
+bool decodeCert(
+ const void *certData,
+ size_t certDataLen)
+{
+ SecAsn1CoderRef coder = NULL;
+ NSS_Certificate nssCert;
+ NSS_SignedCertOrCRL certOrCrl;
+
+ SecAsn1CoderCreate(&coder);
+
+ /* first the full decode */
+ memset(&nssCert, 0, sizeof(nssCert));
+ SecAsn1Decode(coder, certData, certDataLen, kSecAsn1SignedCertTemplate, &nssCert);
+
+ /* now the "just TBS and sig" decode - this is actually harder
+ * due to nested SEC_ASN1_SAVE ops */
+ memset(&certOrCrl, 0, sizeof(NSS_SignedCertOrCRL));
+ SecAsn1Decode(coder, certData, certDataLen, kSecAsn1SignedCertOrCRLTemplate, &certOrCrl);
+
+ SecAsn1CoderRelease(coder);
+ return true;
+}
+
+int main(int argc, char **argv)
+{
+ bool quiet = false;
+ unsigned char *certData;
+ unsigned certDataLen;
+ bool loop = false;
+ int filearg = 1;
+
+ if(argc > 3 ) {
+ usage(argv);
+ }
+ if((argc > 1) && (argv[1][0] == '-')) {
+ switch(argv[1][1]) {
+ case 'l':
+ loop = true;
+ break;
+ default:
+ usage(argv);
+ }
+ filearg++;
+ argc--;
+ }
+ if(argc == 2) {
+ /* read & parse one file */
+ char *oneFile = argv[filearg];
+ if(readFile(oneFile, &certData, &certDataLen)) {
+ printf("\n***Error reading file %s. Aborting.\n", oneFile);
+ exit(1);
+ }
+ do {
+ if(!quiet) {
+ printf("...%s", oneFile);
+ fflush(stdout);
+ }
+ if(!decodeCert(certData, certDataLen)) {
+ printf("\n***GOT AN EXCEPTION ON %s\n", oneFile);
+ exit(1);
+ }
+ } while(loop);
+ free(certData);
+ exit(0);
+ }
+ DIR *dir = opendir(".");
+ if(dir == NULL) {
+ printf("Huh? Can't open . as a directory.\n");
+ exit(1);
+ }
+ struct dirent *de = readdir(dir);
+ while(de != NULL) {
+ char filename[MAXNAMLEN + 1];
+ memmove(filename, de->d_name, de->d_namlen);
+ filename[de->d_namlen] = '\0';
+ if(shouldWeParse(filename)) {
+ if(!quiet) {
+ printf("...%s", filename);
+ fflush(stdout);
+ }
+ if(readFile(filename, &certData, &certDataLen)) {
+ printf("\n***Error reading file %s. Aborting.\n", filename);
+ exit(1);
+ }
+ if(!decodeCert(certData, certDataLen)) {
+ printf("\n***GOT AN EXCEPTION ON %s\n", filename);
+ exit(1);
+ }
+ free(certData);
+ }
+ de = readdir(dir);
+ }
+ closedir(dir);
+ printf("\ncertDecode did not crash.\n");
+ return 0;
+}
+
projects / apple / security.git / blobdiff