Cocoanetics / DTFoundation

Standard toolset classes and categories
BSD 2-Clause "Simplified" License

crash parsing ASN.1 string with non-UTF-8 coded special character #90

Closed (sbnmrk closed this issue 9 years ago)

sbnmrk commented 9 years ago

See the case for DTASN1*String tags in DTASN1Parser.m _parseValueWithTag:dataRange:.

The NSString object is always created with NSUTF8StringEncoding. If the buffer contains invalid UTF-8 data (for instance an ISO8859 string with a special character > 0x7F), no NSString object is created and nil is returned. There is no check for that nil value, which ultimately is added into an NSArray, crashing the application. Moreover, the buffer memory is leaking according to the Apple documentation.

odrobnik commented 9 years ago

Happy to receive your pull request with a fix.

odrobnik commented 9 years ago

I've returned from vacation and would like to include a proper fix for this issue. Do you have a pull request and/or a unit test for this?

odrobnik commented 9 years ago

Do you have a concrete example that I could use to build a unit test? I'm thinking that there should be a way to properly decode Latin1-strings too.

odrobnik commented 9 years ago

@sbnmrk Please respond.

sbnmrk commented 9 years ago

Sorry, no, I don't have a test case for you. I tested and verified with a certificate of someone else and I don't want to see that certificate checked in as a unit test on github.com. It contains personal information.

Maybe one can create a certificate containing non-UTF-8 characters with openssl without specifying the -utf8 switch? Don't have the time to check that. Sorry.

odrobnik commented 9 years ago

@sbnmrk Well, as it is implemented now, all such strings are ignored. You are welcome to add a proper implementation when you have time. I'm going to release DTFoundation 1.7.5 as is.
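
The failure mode reported in this thread and the Latin-1 decoding the maintainer mentions, as an added example that is not DTFoundation's code and not written by either participant. The helper name `DecodeASN1StringBytes` and the sample bytes are hypothetical, and treating non-UTF-8 content as ISO 8859-1 is an assumption.

```objc
#import <Foundation/Foundation.h>

// Hypothetical helper (not part of DTFoundation): decode the content octets
// of an ASN.1 string value, trying UTF-8 first and ISO 8859-1 second.
static NSString *DecodeASN1StringBytes(const uint8_t *bytes, NSUInteger length)
{
    if (bytes == NULL) {
        return nil;
    }
    // Copying initializer: the NSString owns its own storage, so the caller
    // keeps ownership of `bytes` whether or not decoding succeeds.
    NSString *string = [[NSString alloc] initWithBytes:bytes
                                                length:length
                                              encoding:NSUTF8StringEncoding];
    if (string == nil) {
        // Invalid UTF-8, e.g. a single byte above 0x7F from an ISO 8859-1
        // string. Assumption: such content is Latin-1.
        string = [[NSString alloc] initWithBytes:bytes
                                          length:length
                                        encoding:NSISOLatin1StringEncoding];
    }
    return string;
}

int main(void)
{
    @autoreleasepool {
        // Constructed samples: "Müller" in ISO 8859-1 (0xFC alone is not
        // valid UTF-8) and the same name in UTF-8.
        const uint8_t latin1[] = { 'M', 0xFC, 'l', 'l', 'e', 'r' };
        const uint8_t utf8[]   = { 'M', 0xC3, 0xBC, 'l', 'l', 'e', 'r' };
        const uint8_t *samples[] = { latin1, utf8 };
        const NSUInteger lengths[] = { sizeof(latin1), sizeof(utf8) };

        NSMutableArray *values = [NSMutableArray array];
        for (int i = 0; i < 2; i++) {
            NSString *decoded = DecodeASN1StringBytes(samples[i], lengths[i]);
            // addObject: raises NSInvalidArgumentException for nil, so the
            // nil check has to come before the insert.
            if (decoded != nil) {
                [values addObject:decoded];
            } else {
                NSLog(@"skipping undecodable ASN.1 string value");
            }
        }
        NSLog(@"%@", values);
    }
    return 0;
}
```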