ruby-changes:21284
From: emboss <ko1@a...>
Date: Sun, 25 Sep 2011 23:51:31 +0900 (JST)
Subject: [ruby-changes:21284] emboss:r33333 (trunk): * ext/openssl/ossl_asn1.c: fix int_ossl_asn1_decode0_cons when being
emboss 2011-09-25 23:51:20 +0900 (Sun, 25 Sep 2011) New Revision: 33333 http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=rev&revision=33333 Log: * ext/openssl/ossl_asn1.c: fix int_ossl_asn1_decode0_cons when being fed arbitrary string values. Clearly distinguish between the cases "universal, infinite and not a SEQUENCE or SET" and "universal SEQUENCE or SET, possibly infinite". Raise error for universal tags that are not infinite. * test/openssl/test_asn1.rb: add a test for this. Thanks to Hiroshi Yoshida for reporting this bug. [Bug #5363] [ruby-dev:44542] Modified files: trunk/ChangeLog trunk/ext/openssl/ossl_asn1.c trunk/test/openssl/test_asn1.rb
Index: ChangeLog
===================================================================
--- ChangeLog (revision 33332)
+++ ChangeLog (revision 33333)
@@ -1,3 +1,15 @@
+Sun Sep 25 23:43:32 2011 Martin Bosslet <Martin.Bosslet@g...>
+
+ * ext/openssl/ossl_asn1.c: fix int_ossl_asn1_decode0_cons when being
+ fed arbitrary string values.
+ Clearly distinguish between the cases "universal, infinite and
+ not a SEQUENCE or SET" and "universal SEQUENCE or SET, possibly
+ infinite". Raise error for universal tags that are not infinite.
+ * test/openssl/test_asn1.rb: add a test for this.
+
+ Thanks to Hiroshi Yoshida for reporting this bug.
+ [Bug #5363] [ruby-dev:44542]
+
 Sun Sep 25 20:57:18 2011 Ayumu AIZAWA <ayumu.aizawa@g...>
 
 * test/syck/test/yamldbm.rb: add test for Syck::DBM.
Index: ext/openssl/ossl_asn1.c
===================================================================
--- ext/openssl/ossl_asn1.c (revision 33332)
+++ ext/openssl/ossl_asn1.c (revision 33333)
@@ -877,13 +877,23 @@
 }
 }
 
- if (tc == sUNIVERSAL && (tag == V_ASN1_SEQUENCE || V_ASN1_SET)) {
+ if (tc == sUNIVERSAL) {
 VALUE args[4];
- VALUE klass = *ossl_asn1_info[tag].klass;
- if (infinite && tag != V_ASN1_SEQUENCE && tag != V_ASN1_SET) {
- asn1data = rb_obj_alloc(cASN1Constructive);
+ int not_sequence_or_set;
+
+ not_sequence_or_set = tag != V_ASN1_SEQUENCE && tag != V_ASN1_SET;
+
+ if (not_sequence_or_set) {
+ if (infinite) {
+ asn1data = rb_obj_alloc(cASN1Constructive);
+ }
+ else {
+ ossl_raise(eASN1Error, "invalid non-infinite tag");
+ return Qnil;
+ }
 }
 else {
+ VALUE klass = *ossl_asn1_info[tag].klass;
 asn1data = rb_obj_alloc(klass);
 }
 args[0] = ary;
Index: test/openssl/test_asn1.rb
===================================================================
--- test/openssl/test_asn1.rb (revision 33332)
+++ test/openssl/test_asn1.rb (revision 33333)
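Review bot: The `ossl_asn1_info[tag]` lookup in the new inner `else` is safe only because that branch is reached when `tag` is V_ASN1_SEQUENCE or V_ASN1_SET, and nothing in the code records that invariant. Since `tag` comes from the bytes being decoded, I would add a comment above `VALUE klass = ...` such as `/* tag is V_ASN1_SEQUENCE or V_ASN1_SET here; never index ossl_asn1_info[] with an unchecked tag */` so a later edit does not move the lookup back out of the guarded branch. The `return Qnil;` after `ossl_raise(eASN1Error, "invalid non-infinite tag");` looks unreachable, because ossl_raise raises rather than returns, and can be dropped. The enclosing function starts and ends outside the hunk, so whether anything allocated earlier needs releasing before the raise cannot be judged from here.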
@@ -204,6 +204,31 @@
 end
 end
 
+ def test_decode_pem #should fail gracefully (cf. [ruby-dev:44542])
+ pem = <<-_EOS_
+-----BEGIN CERTIFICATE-----
+MIIC8zCCAdugAwIBAgIBATANBgkqhkiG9w0BAQUFADA9MRMwEQYKCZImiZPyLGQB
+GRYDb3JnMRkwFwYKCZImiZPyLGQBGRYJcnVieS1sYW5nMQswCQYDVQQDDAJDQTAe
+Fw0xMTA5MjUxMzQ4MjZaFw0xMTA5MjUxNDQ4MjZaMD0xEzARBgoJkiaJk/IsZAEZ
+FgNvcmcxGTAXBgoJkiaJk/IsZAEZFglydWJ5LWxhbmcxCzAJBgNVBAMMAkNBMIIB
+IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuV9ht9J7k4NBs38jOXvvTKY9
+gW8nLICSno5EETR1cuF7i4pNs9I1QJGAFAX0BEO4KbzXmuOvfCpD3CU+Slp1enen
+fzq/t/e/1IRW0wkJUJUFQign4CtrkJL+P07yx18UjyPlBXb81ApEmAB5mrJVSrWm
+qbjs07JbuS4QQGGXLc+Su96DkYKmSNVjBiLxVVSpyZfAY3hD37d60uG+X8xdW5v6
+8JkRFIhdGlb6JL8fllf/A/blNwdJOhVr9mESHhwGjwfSeTDPfd8ZLE027E5lyAVX
+9KZYcU00mOX+fdxOSnGqS/8JDRh0EPHDL15RcJjV2J6vZjPb0rOYGDoMcH+94wID
+AQABMA0GCSqGSIb3DQEBBQUAA4IBAQAiAtrIr1pLX4GYN5klviWKb8HC9ICYuAFI
+NfE3FwqzErEVXotuMe3yPVyB3Bv6rjYY/x5EtS5+WPTbHlvHZTkfcsnTpizcn4mW
+dJ6dDRaFCHt1YKKjUxqBt9lvvrc3nReYZN/P+s1mrDhWzGf8iPZgf8sFUHgnaK7W
+CXRVXmPFgCDRNpDDVQ0MQkr509yYfTH+dujNzqTCwSvkyZFyQ7Oe8Yj0VR6kquG3
+rEzBQ0F9dUyqQ9gyRg8KHhDfv9HzT1d/rnUZMkoombwYBRIUChGCYV0GnJcan2Zm
+/93PnPG1IvPjYNd5VlV+sXSnaxQn974HRCsMv7jA8BD6IgSaX6WK
+-----END CERTIFICATE-----
+ _EOS_
+ assert_raise(OpenSSL::ASN1::ASN1Error) { OpenSSL::ASN1.decode(pem) }
+ assert_raise(OpenSSL::ASN1::ASN1Error) { OpenSSL::ASN1.decode_all(pem) }
+ end
+
 def test_primitive_cannot_set_infinite_length
 begin
 prim = OpenSSL::ASN1::Integer.new(50)
--
ML: ruby-changes@q...
Info: http://www.atdot.net/~ko1/quickml/
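Review bot: Nothing in `test_decode_pem` says why PEM text has to be rejected, so the reason this regression test exists is easy to lose. A comment above the heredoc would record it, for example `# "-" is 0x2D, which BER reads as a universal, constructed, definite-length header (tag 13), so text input must raise rather than decode`. The trailing `#should fail gracefully` on the `def` line would read better as a comment line of its own. The hunk exercises only the rejecting path; whether the still-accepted infinite-length case that yields a Constructive is covered elsewhere in the file cannot be seen from here.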