Hello, during my testing, I two potential index out-of-range issues in the ASN1 APER decoding and encoding implementation. Specifically, the issues are related to unchecked array index access in two functions:
The parseAlignBits function, and the putBitString function.
These issues can potentially cause the E2T, which uses this code to decode messages, to crash. I have tested this on version 0.10.24, but it appears that the latest version still contains the same problem.
For the decoding issue in parseAlignBits, please see the attached logs:
2023-12-19T11:21:52.511-0400 DEBUG asn1/aper aper/aper.go:828 Decoding
2023-12-19T11:21:52.511-0400 DEBUG asn1/aper aper/aper.go:828 Decoding Rsrp
2023-12-19T11:21:52.511-0400 DEBUG asn1/aper aper/aper.go:897 not a built in field type e2smmho.Rsrp
2023-12-19T11:21:52.511-0400 DEBUG asn1/aper aper/aper.go:941 struct Rsrp ignoring unexported field : state
2023-12-19T11:21:52.511-0400 DEBUG asn1/aper aper/aper.go:941 struct Rsrp ignoring unexported field : sizeCache
2023-12-19T11:21:52.511-0400 DEBUG asn1/aper aper/aper.go:941 struct Rsrp ignoring unexported field : unknownFields
2023-12-19T11:21:52.511-0400 DEBUG asn1/aper aper/aper.go:949 SEQUENCE int32 can be extended
2023-12-19T11:21:52.511-0400 DEBUG asn1/aper aper/aper.go:959 optionalCount is 0
2023-12-19T11:21:52.511-0400 DEBUG asn1/aper aper/aper.go:972 struct Rsrp ignoring unexported field : state
2023-12-19T11:21:52.511-0400 DEBUG asn1/aper aper/aper.go:972 struct Rsrp ignoring unexported field : sizeCache
2023-12-19T11:21:52.511-0400 DEBUG asn1/aper aper/aper.go:972 struct Rsrp ignoring unexported field : unknownFields
2023-12-19T11:21:52.511-0400 DEBUG asn1/aper aper/aper.go:828 Decoding int32
2023-12-19T11:21:52.511-0400 DEBUG asn1/aper aper/aper.go:128 [PER got 1 bits, byteOffset(after): 31, bitsOffset(after): 5, value: 0x1]
2023-12-19T11:21:52.511-0400 DEBUG asn1/aper aper/aper.go:859 Decoded Value Extensive Bit: true
2023-12-19T11:21:52.511-0400 DEBUG asn1/aper aper/aper.go:862 Indicating Value Extensive Bit: true
2023-12-19T11:21:52.511-0400 DEBUG asn1/aper aper/aper.go:897 not a built in field type int32
2023-12-19T11:21:52.511-0400 DEBUG asn1/aper aper/aper.go:565 Decoding INTEGER with Extensive Value
2023-12-19T11:21:52.511-0400 DEBUG asn1/aper aper/aper.go:136 Aligning 3 bits
2023-12-19T11:21:52.511-0400 DEBUG asn1/aper aper/aper.go:128 [PER got 3 bits, byteOffset(after): 32, bitsOffset(after): 0, value: 0x2]
panic: runtime error: slice bounds out of range [:33] with capacity 32
goroutine 1 [running]:
github.com/onosproject/onos-lib-go/pkg/asn1/aper.(*perBitData).parseAlignBits(0xc000139c80)
/home/tianchang/go/pkg/mod/github.com/onosproject/onos-lib-go@v0.10.24/pkg/asn1/aper/aper.go:140 +0x179
github.com/onosproject/onos-lib-go/pkg/asn1/aper.(*perBitData).parseInteger(0xc000139c80, 0xec?, 0x1c?, 0xc000305390?)
/home/tianchang/go/pkg/mod/github.com/onosproject/onos-lib-go@v0.10.24/pkg/asn1/aper/aper.go:572 +0x2b5
github.com/onosproject/onos-lib-go/pkg/asn1/aper.parseField({0xd02b60?, 0xc00027dee8?, 0x400?}, 0xc000139c80, {0x0, 0x0, 0x1, 0x0, 0x0, 0xc0002f3300, ...})
/home/tianchang/go/pkg/mod/github.com/onosproject/onos-lib-go@v0.10.24/pkg/asn1/aper/aper.go:908 +0x6c5
github.com/onosproject/onos-lib-go/pkg/asn1/aper.parseField({0xddef60?, 0xc00027dec0?, 0x400?}, 0xc000139c80, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ...})
/home/tianchang/go/pkg/mod/github.com/onosproject/onos-lib-go@v0.10.24/pkg/asn1/aper/aper.go:1056 +0x2d07
github.com/onosproject/onos-lib-go/pkg/asn1/aper.parseField({0xdee900?, 0xc0002f60b0?, 0x400?}, 0xc000139c80, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ...})
/home/tianchang/go/pkg/mod/github.com/onosproject/onos-lib-go@v0.10.24/pkg/asn1/aper/aper.go:838 +0x18e5
github.com/onosproject/onos-lib-go/pkg/asn1/aper.parseField({0xe044e0?, 0xc0002f6080?, 0x400?}, 0xc000139c80, {0x0, 0x0, 0x1, 0x0, 0x0, 0x0, ...})
/home/tianchang/go/pkg/mod/github.com/onosproject/onos-lib-go@v0.10.24/pkg/asn1/aper/aper.go:1056 +0x2d07
github.com/onosproject/onos-lib-go/pkg/asn1/aper.parseField({0xe0ccc0?, 0xc00027dd50?, 0xfa8f78?}, 0xc000139c80, {0x0, 0x0, 0x1, 0x0, 0x0, 0x0, ...})
/home/tianchang/go/pkg/mod/github.com/onosproject/onos-lib-go@v0.10.24/pkg/asn1/aper/aper.go:838 +0x18e5
github.com/onosproject/onos-lib-go/pkg/asn1/aper.(*perBitData).parseSequenceOf(0xc000139c80, 0x40?, {0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, ...}, ...)
/home/tianchang/go/pkg/mod/github.com/onosproject/onos-lib-go@v0.10.24/pkg/asn1/aper/aper.go:700 +0x605
github.com/onosproject/onos-lib-go/pkg/asn1/aper.parseField({0xce7ea0?, 0xc000288760?, 0x400?}, 0xc000139c80, {0x0, 0x0, 0x1, 0xc0002c2a38, 0xc0002c2a40, 0x0, ...})
/home/tianchang/go/pkg/mod/github.com/onosproject/onos-lib-go@v0.10.24/pkg/asn1/aper/aper.go:1065 +0x11de
github.com/onosproject/onos-lib-go/pkg/asn1/aper.parseField({0xdf5e40?, 0xc000288730?, 0x400?}, 0xc000139c80, {0x0, 0x0, 0x1, 0x0, 0x0, 0x0, ...})
/home/tianchang/go/pkg/mod/github.com/onosproject/onos-lib-go@v0.10.24/pkg/asn1/aper/aper.go:1056 +0x2d07
github.com/onosproject/onos-lib-go/pkg/asn1/aper.parseField({0xdfebe0?, 0xc000014f10?, 0x400?}, 0xc000139c80, {0x0, 0x0, 0x1, 0x0, 0x0, 0x0, ...})
/home/tianchang/go/pkg/mod/github.com/onosproject/onos-lib-go@v0.10.24/pkg/asn1/aper/aper.go:838 +0x18e5
github.com/onosproject/onos-lib-go/pkg/asn1/aper.parseField({0xd76280?, 0xc000014f10?, 0x400?}, 0xc000139c80, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ...})
/home/tianchang/go/pkg/mod/github.com/onosproject/onos-lib-go@v0.10.24/pkg/asn1/aper/aper.go:1056 +0x2d07
github.com/onosproject/onos-lib-go/pkg/asn1/aper.parseField({0xd5ad40?, 0xc000255ce8?, 0xc4503e?}, 0xc000139c80, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ...})
/home/tianchang/go/pkg/mod/github.com/onosproject/onos-lib-go@v0.10.24/pkg/asn1/aper/aper.go:1200 +0x3305
github.com/onosproject/onos-lib-go/pkg/asn1/aper.parseField({0xddea20?, 0xc000255cc0?, 0xc0000012c0?}, 0xc000139c80, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ...})
/home/tianchang/go/pkg/mod/github.com/onosproject/onos-lib-go@v0.10.24/pkg/asn1/aper/aper.go:1056 +0x2d07
github.com/onosproject/onos-lib-go/pkg/asn1/aper.UnmarshalWithParams({0xc0002b2aa0, 0x20, 0x20}, {0xe081e0?, 0xc000255cc0?}, {0xe72a80, 0x9}, 0xc0001d8420, 0x0)
/home/tianchang/go/pkg/mod/github.com/onosproject/onos-lib-go@v0.10.24/pkg/asn1/aper/aper.go:1263 +0x218
github.com/onosproject/onos-e2-sm/servicemodels/e2sm_mho_go/encoder.PerDecodeE2SmMhoIndicationMessage({0xc0002b2aa0, 0x20, 0x20})
/home/tianchang/go/pkg/mod/github.com/onosproject/onos-e2-sm/servicemodels/e2sm_mho_go@v0.8.6/encoder/E2SM-MHO-IndicationMessage.go:35 +0x108
github.com/onosproject/onos-e2-sm/servicemodels/e2sm_mho_go/servicemodel.MhoServiceModel.IndicationMessageASN1toProto({0xfa4b80?, 0xc000014018?}, {0xc0002b2aa0, 0x20, 0x20})
And for the encoding issue in putBitString, the log is as follows:
panic: runtime error: index out of range [0] with length 0
goroutine 1 [running]:
github.com/onosproject/onos-lib-go/pkg/asn1/aper.(*perRawBitData).putBitString(0xc0006c5af0, {0x0, 0x1b?, 0xc0000c0ea0?}, 0x0)
/go/pkg/mod/github.com/onosproject/onos-lib-go@v0.10.24/pkg/asn1/aper/marshal.go:57 +0x5c5
github.com/onosproject/onos-lib-go/pkg/asn1/aper.(*perRawBitData).appendBitString(0xc0006c5af0, {0x0, 0x0, 0x0}, 0x0, 0x2?, 0x1acbc68?, 0xe3fab7?)
/go/pkg/mod/github.com/onosproject/onos-lib-go@v0.10.24/pkg/asn1/aper/marshal.go:202 +0x6ea
github.com/onosproject/onos-lib-go/pkg/asn1/aper.(*perRawBitData).makeField(0xc0006c5af0, {0x1021de0?, 0xc0005f6ff0?, 0x5?}, {0x0, 0x0, 0x0, 0xc0004ce060, 0xc0004ce068, 0x0, ...})
/go/pkg/mod/github.com/onosproject/onos-lib-go@v0.10.24/pkg/asn1/aper/marshal.go:960 +0x1072
github.com/onosproject/onos-lib-go/pkg/asn1/aper.(*perRawBitData).makeField(0xc0006c5af0, {0x1021ec0?, 0xc00039a718?, 0xeb2b80?}, {0x0, 0x0, 0x0, 0xc0004ce060, 0xc0004ce068, 0x0, ...})
/go/pkg/mod/github.com/onosproject/onos-lib-go@v0.10.24/pkg/asn1/aper/marshal.go:937 +0x1189
github.com/onosproject/onos-lib-go/pkg/asn1/aper.(*perRawBitData).makeField(0xc0006c5af0, {0xf67be0?, 0xc00039a718?, 0xc0000b3780?}, {0x0, 0x0, 0x0, 0xc000469f88, 0xc000469f90, 0x0, ...})
/go/pkg/mod/github.com/onosproject/onos-lib-go@v0.10.24/pkg/asn1/aper/marshal.go:1245 +0x3345
github.com/onosproject/onos-lib-go/pkg/asn1/aper.(*perRawBitData).makeField(0xc0006c5af0, {0xeff660?, 0xc00039a718?, 0xc0004d9db0?}, {0x0, 0x0, 0x0, 0xc000469f88, 0xc000469f90, 0x0, ...})
/go/pkg/mod/github.com/onosproject/onos-lib-go@v0.10.24/pkg/asn1/aper/marshal.go:937 +0x1189
github.com/onosproject/onos-lib-go/pkg/asn1/aper.(*perRawBitData).makeField(0xc0006c5af0, {0xffe3c0?, 0xc0004c83c0?, 0x1acbc58?}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ...})
/go/pkg/mod/github.com/onosproject/onos-lib-go@v0.10.24/pkg/asn1/aper/marshal.go:1174 +0x3a89
github.com/onosproject/onos-lib-go/pkg/asn1/aper.(*perRawBitData).makeField(0xc0006c5af0, {0x1059620?, 0xc0004c8370?, 0xeb2b40?}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ...})
/go/pkg/mod/github.com/onosproject/onos-lib-go@v0.10.24/pkg/asn1/aper/marshal.go:937 +0x1189
github.com/onosproject/onos-lib-go/pkg/asn1/aper.(*perRawBitData).makeField(0xc0006c5af0, {0x10242a0?, 0xc0004c8340?, 0xc000393440?}, {0x1, 0x0, 0x1, 0x0, 0x0, 0x0, ...})
/go/pkg/mod/github.com/onosproject/onos-lib-go@v0.10.24/pkg/asn1/aper/marshal.go:1245 +0x3345
github.com/onosproject/onos-lib-go/pkg/asn1/aper.(*perRawBitData).makeField(0xc0006c5af0, {0x1038180?, 0xc0005f6ef8?, 0x0?}, {0x1, 0x0, 0x1, 0x0, 0x0, 0x0, ...})
/go/pkg/mod/github.com/onosproject/onos-lib-go@v0.10.24/pkg/asn1/aper/marshal.go:937 +0x1189
github.com/onosproject/onos-lib-go/pkg/asn1/aper.(*perRawBitData).makeField(0xc0006c5af0, {0x10742c0?, 0xc0005f6eb0?, 0x412025?}, {0x0, 0x0, 0x1, 0x0, 0x0, 0x0, ...})
/go/pkg/mod/github.com/onosproject/onos-lib-go@v0.10.24/pkg/asn1/aper/marshal.go:1245 +0x3345
github.com/onosproject/onos-lib-go/pkg/asn1/aper.(*perRawBitData).makeField(0xc0006c5af0, {0x1059740?, 0xc00039a700?, 0x28?}, {0x0, 0x0, 0x1, 0x0, 0x0, 0x0, ...})
/go/pkg/mod/github.com/onosproject/onos-lib-go@v0.10.24/pkg/asn1/aper/marshal.go:937 +0x1189
github.com/onosproject/onos-lib-go/pkg/asn1/aper.(*perRawBitData).makeField(0xc0006c5af0, {0xf66fe0?, 0xc00039a700?, 0x0?}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ...})
/go/pkg/mod/github.com/onosproject/onos-lib-go@v0.10.24/pkg/asn1/aper/marshal.go:1245 +0x3345
github.com/onosproject/onos-lib-go/pkg/asn1/aper.(*perRawBitData).makeField(0xc0006c5af0, {0xefed60?, 0xc00039a700?, 0x0?}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ...})
/go/pkg/mod/github.com/onosproject/onos-lib-go@v0.10.24/pkg/asn1/aper/marshal.go:937 +0x1189
github.com/onosproject/onos-lib-go/pkg/asn1/aper.(*perRawBitData).makeField(0xc0006c5af0, {0xffe6c0?, 0xc0004c8200?, 0x0?}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ...})
/go/pkg/mod/github.com/onosproject/onos-lib-go@v0.10.24/pkg/asn1/aper/marshal.go:1174 +0x3a89
github.com/onosproject/onos-lib-go/pkg/asn1/aper.(*perRawBitData).makeField(0xc0006c5af0, {0x1093400?, 0xc0004c81e8?, 0x62202c31203a2972?}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ...})
/go/pkg/mod/github.com/onosproject/onos-lib-go@v0.10.24/pkg/asn1/aper/marshal.go:937 +0x1189
github.com/onosproject/onos-lib-go/pkg/asn1/aper.(*perRawBitData).makeField(0xc0006c5af0, {0x10170a0?, 0xc0004c81c0?, 0xc0006c35f0?}, {0x0, 0x0, 0x1, 0x0, 0x0, 0x0, ...})
/go/pkg/mod/github.com/onosproject/onos-lib-go@v0.10.24/pkg/asn1/aper/marshal.go:1245 +0x3345
github.com/onosproject/onos-lib-go/pkg/asn1/aper.(*perRawBitData).makeField(0xc0006c5af0, {0x1034e80?, 0xc00039a6f0?, 0x426685?}, {0x0, 0x0, 0x1, 0x0, 0x0, 0x0, ...})
/go/pkg/mod/github.com/onosproject/onos-lib-go@v0.10.24/pkg/asn1/aper/marshal.go:937 +0x1189
github.com/onosproject/onos-lib-go/pkg/asn1/aper.(*perRawBitData).makeField(0xc0006c5af0, {0xf5c4e0?, 0xc00039a6f0?, 0xc0006c45b0?}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ...})
/go/pkg/mod/github.com/onosproject/onos-lib-go@v0.10.24/pkg/asn1/aper/marshal.go:1245 +0x3345
github.com/onosproject/onos-lib-go/pkg/asn1/aper.(*perRawBitData).makeField(0xc0006c5af0, {0xefa680?, 0xc00039a6f0?, 0x718e0?}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ...})
/go/pkg/mod/github.com/onosproject/onos-lib-go@v0.10.24/pkg/asn1/aper/marshal.go:937 +0x1189
github.com/onosproject/onos-lib-go/pkg/asn1/aper.(*perRawBitData).makeField(0xc0006c5af0, {0xff2f00?, 0xc0004c8180?, 0x0?}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ...})
/go/pkg/mod/github.com/onosproject/onos-lib-go@v0.10.24/pkg/asn1/aper/marshal.go:1174 +0x3a89
github.com/onosproject/onos-lib-go/pkg/asn1/aper.(*perRawBitData).makeField(0xc0006c5af0, {0x1044c00?, 0xc0004c8180?, 0x123f230?}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ...})
/go/pkg/mod/github.com/onosproject/onos-lib-go@v0.10.24/pkg/asn1/aper/marshal.go:937 +0x1189
github.com/onosproject/onos-lib-go/pkg/asn1/aper.MarshalWithParams({0x1044c00?, 0xc0004c8180?}, {0x10d8ef2?, 0xc0001106b0?}, 0x1?, 0x1?)
/go/pkg/mod/github.com/onosproject/onos-lib-go@v0.10.24/pkg/asn1/aper/marshal.go:1284 +0x15f
github.com/onosproject/onos-e2-sm/servicemodels/e2sm_mho_go/encoder.PerEncodeE2SmMhoIndicationMessage(0xc0004c8180)
/go/pkg/mod/github.com/onosproject/onos-e2-sm/servicemodels/e2sm_mho_go@v0.8.6/encoder/E2SM-MHO-IndicationMessage.go:21 +0xc8
github.com/onosproject/onos-e2-sm/servicemodels/e2sm_mho_go/servicemodel.MhoServiceModel.IndicationMessageProtoToASN1({0x12201a0?, 0xc00045ff00?}, {0xc0006a40c0, 0x36, 0x36})
/go/pkg/mod/github.com/onosproject/onos-e2-sm/servicemodels/e2sm_mho_go@v0.8.6/servicemodel/servicemodel.go:83 +0xa6
Hello, during my testing, I two potential index out-of-range issues in the ASN1 APER decoding and encoding implementation. Specifically, the issues are related to unchecked array index access in two functions:
The parseAlignBits function, and the putBitString function.
These issues can potentially cause the E2T, which uses this code to decode messages, to crash. I have tested this on version 0.10.24, but it appears that the latest version still contains the same problem.
For the decoding issue in parseAlignBits, please see the attached logs:
And for the encoding issue in putBitString, the log is as follows: