authorNikos Mavrogiannopoulos <nmav@redhat.com>2017-01-13 11:33:54 +0100
committerNikos Mavrogiannopoulos <nmav@redhat.com>2017-01-13 11:49:16 +0100
commitd3fd77835c069f1dacce0bb665af5db4155f125c (patch)
treead85d0412a3b19f67ff1b319ecc82dd12e401af8
parent01858b543efd4eb15a7fff2ca5841a387177108b (diff)
downloadlibtasn1-d3fd77835c069f1dacce0bb665af5db4155f125c.tar.gz
tests: added invalid PKCS#7 struct checks
The added struct causes an integer overflow.
-rw-r--r--tests/Makefile.am6
-rw-r--r--tests/coding-long-oid.c2
-rw-r--r--tests/invalid-pkcs7/id-000001.derbin0 -> 5375 bytes
-rw-r--r--tests/pkix.asn63
4 files changed, 40 insertions, 31 deletions
diff --git a/tests/Makefile.am b/tests/Makefile.am
index 0d8fcb1..537acaf 100644
--- a/tests/Makefile.am
+++ b/tests/Makefile.am
@@ -43,11 +43,13 @@ EXTRA_DIST = Test_parser.asn Test_tree.asn Test_tree_asn1_tab.c \
invalid-x509/id-000028.der invalid-x509/id-000029.der \
invalid-x509/id-000030.der invalid-x509/id-000031.der \
invalid-x509/id-000032.der invalid-x509/id-000033.der \
- invalid-x509/id-000034.der invalid-x509/id-000035.der
+ invalid-x509/id-000034.der invalid-x509/id-000035.der \
+ invalid-pkcs7/id-000001.der
# For crlf.
EXTRA_DIST += crlf.cer crl.der ocsp.der
-dist_check_SCRIPTS = crlf benchmark threadsafety decoding decoding-invalid-x509
+dist_check_SCRIPTS = crlf benchmark threadsafety decoding decoding-invalid-x509 \
+ decoding-invalid-pkcs7
MOSTLYCLEANFILES = Test_parser_ERROR.asn
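Review bot: `decoding-invalid-pkcs7` is added to `dist_check_SCRIPTS`, but the commit's diffstat lists only four files and the script is not among them, so unless it already exists in `tests/` the dist and check targets will fail on a missing file. It is also not visible from this hunk whether the script is listed in `TESTS`; if it is not, the new `invalid-pkcs7/id-000001.der` input ships in the tarball but is never fed to the decoder, and the integer overflow named in the commit message stays untested. I would add the script in the same commit and confirm that a line such as `TESTS += decoding-invalid-pkcs7` (or this Makefile.am's equivalent) exists outside the hunk.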
diff --git a/tests/coding-long-oid.c b/tests/coding-long-oid.c
index bc2cd56..6031cf2 100644
--- a/tests/coding-long-oid.c
+++ b/tests/coding-long-oid.c
@@ -159,7 +159,7 @@ main (int argc, char** argv)
result = asn1_parser2tree (pkixfile, &definitions, errorDescription);
if (result != ASN1_SUCCESS)
{
- printf ("error in %d\n", __LINE__);
+ printf ("error in %d: %s\n", __LINE__, errorDescription);
exit (1);
}
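Review bot: The numeric `result` is still dropped from the message, and `errorDescription` may be empty for failures that carry no parser text (that behaviour is outside this hunk, so treat it as an assumption). Printing the library's own string for the code keeps the failure diagnosable either way: `printf ("error in %d: %s: %s\n", __LINE__, asn1_strerror (result), errorDescription);`. main's body starts and ends outside the hunk.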
diff --git a/tests/invalid-pkcs7/id-000001.der b/tests/invalid-pkcs7/id-000001.der
new file mode 100644
index 0000000..6c91a25
--- /dev/null
+++ b/tests/invalid-pkcs7/id-000001.der
Binary files differ
diff --git a/tests/pkix.asn b/tests/pkix.asn
index f5dc6b9..efdf95e 100644
--- a/tests/pkix.asn
+++ b/tests/pkix.asn
@@ -934,36 +934,31 @@ ub-x121-address-length INTEGER ::= 16
-- Cryptographic Message Syntax
pkcs-7-ContentInfo ::= SEQUENCE {
- contentType pkcs-7-ContentType,
+ contentType OBJECT IDENTIFIER,
content [0] EXPLICIT ANY DEFINED BY contentType }
pkcs-7-DigestInfo ::= SEQUENCE {
- digestAlgorithm pkcs-7-DigestAlgorithmIdentifier,
- digest pkcs-7-Digest
+ digestAlgorithm AlgorithmIdentifier,
+ digest OCTET STRING
}
-pkcs-7-Digest ::= OCTET STRING
-
-pkcs-7-ContentType ::= OBJECT IDENTIFIER
-
pkcs-7-SignedData ::= SEQUENCE {
- version pkcs-7-CMSVersion,
+ version INTEGER,
digestAlgorithms pkcs-7-DigestAlgorithmIdentifiers,
encapContentInfo pkcs-7-EncapsulatedContentInfo,
certificates [0] IMPLICIT pkcs-7-CertificateSet OPTIONAL,
crls [1] IMPLICIT pkcs-7-CertificateRevocationLists OPTIONAL,
- signerInfos pkcs-7-SignerInfos
+ signerInfos pkcs-7-SignerInfos
}
-pkcs-7-CMSVersion ::= INTEGER { v0(0), v1(1), v2(2), v3(3), v4(4) }
+pkcs-7-DigestAlgorithmIdentifiers ::= SET OF AlgorithmIdentifier
-pkcs-7-DigestAlgorithmIdentifiers ::= SET OF pkcs-7-DigestAlgorithmIdentifier
-
-pkcs-7-DigestAlgorithmIdentifier ::= AlgorithmIdentifier
+-- rfc5652: eContent [0] EXPLICIT OCTET STRING OPTIONAL
+-- rfc2315: content [0] EXPLICIT ANY DEFINED BY contentType OPTIONAL
pkcs-7-EncapsulatedContentInfo ::= SEQUENCE {
- eContentType pkcs-7-ContentType,
- eContent [0] EXPLICIT OCTET STRING OPTIONAL }
+ eContentType OBJECT IDENTIFIER,
+ eContent [0] EXPLICIT ANY OPTIONAL }
-- We don't use CertificateList here since we only want
-- to read the raw data.
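Review bot: Nothing in this hunk says the relaxed types are deliberate, and `eContent [0] EXPLICIT ANY OPTIONAL` now accepts any inner type where the old definition accepted only an OCTET STRING. The two added `rfc5652`/`rfc2315` comment lines show both forms but not which one the schema follows or why. I would state it next to the field, e.g. `-- ANY accepts both the rfc5652 and rfc2315 forms; callers must check the inner tag before treating eContent as an OCTET STRING`. The same applies to `version INTEGER` in pkcs-7-SignedData, which drops the named values v0(0)..v4(4), so the expected version numbers are no longer documented in the schema.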
@@ -978,8 +973,28 @@ pkcs-7-CertificateChoices ::= CHOICE {
pkcs-7-CertificateSet ::= SET OF pkcs-7-CertificateChoices
-pkcs-7-SignerInfos ::= SET OF ANY -- this is not correct but we don't use it
- -- anyway
+IssuerAndSerialNumber ::= SEQUENCE {
+ issuer Name,
+ serialNumber CertificateSerialNumber
+}
+
+pkcs-7-SignerInfo ::= SEQUENCE {
+ version INTEGER,
+ sid SignerIdentifier,
+ digestAlgorithm AlgorithmIdentifier,
+ signedAttrs [0] IMPLICIT SignedAttributes OPTIONAL,
+ signatureAlgorithm AlgorithmIdentifier,
+ signature OCTET STRING,
+ unsignedAttrs [1] IMPLICIT SignedAttributes OPTIONAL }
+
+SignedAttributes ::= SET SIZE (1..MAX) OF Attribute
+
+SignerIdentifier ::= CHOICE {
+ issuerAndSerialNumber IssuerAndSerialNumber,
+ subjectKeyIdentifier [0] SubjectKeyIdentifier
+}
+
+pkcs-7-SignerInfos ::= SET OF pkcs-7-SignerInfo
-- BEGIN of RFC2986
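Review bot: `unsignedAttrs [1] IMPLICIT SignedAttributes OPTIONAL` reuses the signed-attribute type for the unsigned set; the encoding is the same SET OF Attribute, but the name misleads a reader working out which attributes the signature covers. A separate `UnsignedAttributes ::= SET SIZE (1..MAX) OF Attribute` would keep the distinction visible. Separately, `subjectKeyIdentifier [0] SubjectKeyIdentifier` is the only tagged field here without an IMPLICIT/EXPLICIT keyword, so it depends on the module's default tagging, which is declared outside this hunk; writing the keyword out would make the intended encoding unambiguous. The new IssuerAndSerialNumber, SignedAttributes and SignerIdentifier also lack the `pkcs-7-` prefix used by the neighbouring definitions.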
@@ -1158,28 +1173,20 @@ pkcs-12-PKCS12Attribute ::= Attribute
-- PKCS #7 stuff (needed in PKCS 12)
-pkcs-7-data OBJECT IDENTIFIER ::= { iso(1) member-body(2)
- us(840) rsadsi(113549) pkcs(1) pkcs7(7) 1 }
-
-pkcs-7-encryptedData OBJECT IDENTIFIER ::= { iso(1) member-body(2)
- us(840) rsadsi(113549) pkcs(1) pkcs7(7) 6 }
-
pkcs-7-Data ::= OCTET STRING
pkcs-7-EncryptedData ::= SEQUENCE {
- version pkcs-7-CMSVersion,
+ version INTEGER,
encryptedContentInfo pkcs-7-EncryptedContentInfo,
unprotectedAttrs [1] IMPLICIT pkcs-7-UnprotectedAttributes OPTIONAL }
pkcs-7-EncryptedContentInfo ::= SEQUENCE {
- contentType pkcs-7-ContentType,
+ contentType OBJECT IDENTIFIER,
contentEncryptionAlgorithm pkcs-7-ContentEncryptionAlgorithmIdentifier,
- encryptedContent [0] IMPLICIT pkcs-7-EncryptedContent OPTIONAL }
+ encryptedContent [0] IMPLICIT OCTET STRING OPTIONAL }
pkcs-7-ContentEncryptionAlgorithmIdentifier ::= AlgorithmIdentifier
-pkcs-7-EncryptedContent ::= OCTET STRING
-
pkcs-7-UnprotectedAttributes ::= SET SIZE (1..MAX) OF Attribute
-- LDAP stuff