ruby-changes:19656
From: emboss <ko1@a...>
Date: Mon, 23 May 2011 06:34:58 +0900 (JST)
Subject: [ruby-changes:19656] emboss:r31701 (trunk): * ext/openssl/ossl_asn1.c: Forbid Constructive without infinite
emboss 2011-05-23 06:34:28 +0900 (Mon, 23 May 2011) New Revision: 31701 http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=rev&revision=31701 Log: * ext/openssl/ossl_asn1.c: Forbid Constructive without infinite length. This also prevents a segfault. Added test and improved documentation. Modified files: trunk/ChangeLog trunk/ext/openssl/ossl_asn1.c trunk/test/openssl/test_asn1.rb Index: ChangeLog =================================================================== --- ChangeLog (revision 31700) +++ ChangeLog (revision 31701) @@ -1,3 +1,9 @@ +Mon May 23 06:33:17 2011 Martin Bosslet <Martin.Bosslet@g...> + + * ext/openssl/ossl_asn1.c: Forbid Constructive without infinite + length. This also prevents a segfault. Added test and improved + documentation. + Mon May 23 05:58:14 2011 Martin Bosslet <Martin.Bosslet@g...> * ext/openssl/ossl_asn1.c: Fix decoding of infinite length values. Index: ext/openssl/ossl_asn1.c =================================================================== --- ext/openssl/ossl_asn1.c (revision 31700) +++ ext/openssl/ossl_asn1.c (revision 31701) @@ -1260,6 +1260,8 @@ } } else { + if (CLASS_OF(self) == cASN1Constructive) + ossl_raise(eASN1Error, "Constructive shall only be used with infinite length"); tag = ossl_asn1_default_tag(self); } explicit = ossl_asn1_is_explicit(self); @@ -1809,6 +1811,10 @@ * array of the outer infinite length value must end with a * OpenSSL::ASN1::EndOfContent instance. * + * Please note that it is not possible to encode Constructive without + * the +infinite_length+ attribute being set to +true+, use + * OpenSSL::ASN1::Sequence or OpenSSL::ASN1::Set in these cases instead. + * * === Example - Infinite length OCTET STRING * partial1 = OpenSSL::ASN1::OctetString.new("\x01") * partial2 = OpenSSL::ASN1::OctetString.new("\x02") Index: test/openssl/test_asn1.rb =================================================================== --- test/openssl/test_asn1.rb (revision 31700) +++ test/openssl/test_asn1.rb (revision 31701) @@ -243,6 +243,17 @@ assert_equal(raw, asn1.to_der) end + def test_cons_without_inf_length_forbidden + assert_raise(OpenSSL::ASN1::ASN1Error) do + val = OpenSSL::ASN1::OctetString.new('a') + cons = OpenSSL::ASN1::Constructive.new([val], + OpenSSL::ASN1::OCTET_STRING, + nil, + :UNIVERSAL) + cons.to_der + end + end + def test_seq_infinite_length begin content = [ OpenSSL::ASN1::Null.new(nil), -- ML: ruby-changes@q... Info: http://www.atdot.net/~ko1/quickml/