diff --git a/ChangeLog b/ChangeLog index ffddc9cf44..abd1eb324c 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,9 @@ +Wed Jan 26 17:08:59 2011 NAKAMURA, Hiroshi + + * ext/openssl/ossl_asn1.c (ossl_asn1_decode0): OpenSSL::ASN1.decode + should reject indefinite length primitive encodings as that is + illegal. Patch by Martin Bosslet. See #4324. + Wed Jan 26 10:36:28 2011 NARUSE, Yui * string.c (=~): documentation fix; the return value is nil when diff --git a/ext/openssl/ossl_asn1.c b/ext/openssl/ossl_asn1.c index b67decc5f3..44c19b9795 100644 --- a/ext/openssl/ossl_asn1.c +++ b/ext/openssl/ossl_asn1.c @@ -772,6 +772,9 @@ ossl_asn1_decode0(unsigned char **pp, long length, long *offset, long depth, else value = ossl_asn1_decode0(&p, len, &off, depth+1, 0, yield); } else{ + if ((j & 0x01) && (len == 0)) { + ossl_raise(eASN1Error, "Infinite length for primitive value"); + } value = rb_str_new((const char *)p, len); p += len; off += len; diff --git a/test/openssl/test_asn1.rb b/test/openssl/test_asn1.rb index bdd4f88719..4fd4771d7b 100644 --- a/test/openssl/test_asn1.rb +++ b/test/openssl/test_asn1.rb @@ -430,4 +430,14 @@ class OpenSSL::TestASN1 < Test::Unit::TestCase end end + def test_primitive_inf_length + assert_raises(OpenSSL::ASN1::ASN1Error) do + spec = %w{ 02 80 02 01 01 00 00 } + raw = [spec.join('')].pack('H*') + OpenSSL::ASN1.decode(raw) + OpenSSL::ASN1.decode_all(raw) + end + end + end if defined?(OpenSSL) +