From 6039b10ca5a837655a5fb1b22c3ff5f2e19941b8 Mon Sep 17 00:00:00 2001 From: Krista Bennett Date: Fri, 27 Aug 2021 10:52:13 +0200 Subject: [PATCH] Fixed decoder generation to create decoder that fails when entire blob isn't consumed (or on other failure), indicating an illegal message --- codegen/gen_codec.ysl2 | 9 +++++++-- test/src/ElevatedAttachmentsTest.cc | 2 ++ 2 files changed, 9 insertions(+), 2 deletions(-) diff --git a/codegen/gen_codec.ysl2 b/codegen/gen_codec.ysl2 index 8aae0382..131c0fe9 100644 --- a/codegen/gen_codec.ysl2 +++ b/codegen/gen_codec.ysl2 @@ -152,8 +152,13 @@ tstylesheet { *msg = NULL; «@name»_t *_msg = NULL; - uper_decode_complete(NULL, &asn_DEF_«@name», (void **) &_msg, data, size); - if (!_msg) + asn_dec_rval_t rval = uper_decode_complete(NULL, &asn_DEF_«@name», (void **) &_msg, data, size); + + // N.B: If you plan on having messages were the full message isn't consumed by decoding here, + // then please look into uper_decode_complete; we still may get a message, even if to contains + // nothing. RC_FAIL is an obvious case, but we also need to fail if RC_WMORE is the code, especially + // if rval.consumed == 0. Volker, please look into this and decide what you want. + if (!_msg || rval.code != RC_OK) return PEP_«yml:ucase(@name)»_ILLEGAL_MESSAGE; *msg = _msg; diff --git a/test/src/ElevatedAttachmentsTest.cc b/test/src/ElevatedAttachmentsTest.cc index 9b6812f6..aeb4a768 100644 --- a/test/src/ElevatedAttachmentsTest.cc +++ b/test/src/ElevatedAttachmentsTest.cc @@ -226,6 +226,8 @@ TEST_F(ElevatedAttachmentsTest, check_encrypt_decrypt_message) { msg->shortmsg = strdup("Yo Bob!"); msg->longmsg = strdup("Look at my hot new sender fpr field!"); + // Volker: This is a sloppy way to test - it got processed as a real distribution message because data has meaning + // and happily exposed a bug in your generation code, but... well, you know better :) const char *distribution = "simulation of distribution data"; msg->attachments = new_bloblist(strdup(distribution), strlen(distribution) + 1, "application/pEp.distribution", "distribution.pEp");