ruby-changes:18632
From: nahi <ko1@a...>
Date: Wed, 26 Jan 2011 17:17:08 +0900 (JST)
Subject: [ruby-changes:18632] Ruby:r30656 (trunk): * ext/openssl/ossl_asn1.c (ossl_asn1_decode0): OpenSSL::ASN1.decode
nahi 2011-01-26 17:17:01 +0900 (Wed, 26 Jan 2011) New Revision: 30656 http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=rev&revision=30656 Log: * ext/openssl/ossl_asn1.c (ossl_asn1_decode0): OpenSSL::ASN1.decode should reject indefinite length primitive encodings as that is illegal. Patch by Martin Bosslet. See #4324. Modified files: trunk/ChangeLog trunk/ext/openssl/ossl_asn1.c trunk/test/openssl/test_asn1.rb Index: ChangeLog =================================================================== --- ChangeLog (revision 30655) +++ ChangeLog (revision 30656) @@ -1,3 +1,9 @@ +Wed Jan 26 17:08:59 2011 NAKAMURA, Hiroshi <nahi@r...> + + * ext/openssl/ossl_asn1.c (ossl_asn1_decode0): OpenSSL::ASN1.decode + should reject indefinite length primitive encodings as that is + illegal. Patch by Martin Bosslet. See #4324. + Wed Jan 26 10:36:28 2011 NARUSE, Yui <naruse@r...> * string.c (=~): documentation fix; the return value is nil when Index: ext/openssl/ossl_asn1.c =================================================================== --- ext/openssl/ossl_asn1.c (revision 30655) +++ ext/openssl/ossl_asn1.c (revision 30656) @@ -772,6 +772,9 @@ else value = ossl_asn1_decode0(&p, len, &off, depth+1, 0, yield); } else{ + if ((j & 0x01) && (len == 0)) { + ossl_raise(eASN1Error, "Infinite length for primitive value"); + } value = rb_str_new((const char *)p, len); p += len; off += len; Index: test/openssl/test_asn1.rb =================================================================== --- test/openssl/test_asn1.rb (revision 30655) +++ test/openssl/test_asn1.rb (revision 30656) @@ -430,4 +430,14 @@ end end + def test_primitive_inf_length + assert_raises(OpenSSL::ASN1::ASN1Error) do + spec = %w{ 02 80 02 01 01 00 00 } + raw = [spec.join('')].pack('H*') + OpenSSL::ASN1.decode(raw) + OpenSSL::ASN1.decode_all(raw) + end + end + end if defined?(OpenSSL) + -- ML: ruby-changes@q... Info: http://www.atdot.net/~ko1/quickml/
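Review bot: In the ext/openssl/ossl_asn1.c hunk, the new error text reads "Infinite length for primitive value", while the log message and the ChangeLog entry call the condition "indefinite length". The message should use the same term, for example "Indefinite length for primitive value", so that the error can be matched to the documented behaviour. The bare `0x01` mask on `j` in `if ((j & 0x01) && (len == 0))` would also benefit from a one-line comment stating which flag it tests and why `len == 0` is required alongside it.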
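Review bot: In test_primitive_inf_length in the test/openssl/test_asn1.rb hunk, `OpenSSL::ASN1.decode(raw)` and `OpenSSL::ASN1.decode_all(raw)` sit inside a single assert_raises block, so the block exits as soon as decode raises and decode_all is never executed. Give each call its own `assert_raises(OpenSSL::ASN1::ASN1Error)` block so that a regression in either entry point fails the test.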