From 7d6529a415457ccfc912d6b8ddbac327516ee5d5 Mon Sep 17 00:00:00 2001 From: emboss Date: Sun, 22 May 2011 22:00:24 +0000 Subject: [PATCH] * ext/openssl/ossl_asn1.c: Forbid Constructives whose value is not an Array to prevent segfault. Added test. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@31702 b2dd03c8-39d4-4d8f-98ff-823fe69b080e --- ChangeLog | 5 +++++ ext/openssl/ossl_asn1.c | 7 +++++-- test/openssl/test_asn1.rb | 12 ++++++++++++ 3 files changed, 22 insertions(+), 2 deletions(-) diff --git a/ChangeLog b/ChangeLog index 1ab9d5b4d2..3b068978f0 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,8 @@ +Mon May 23 06:58:33 2011 Martin Bosslet + + * ext/openssl/ossl_asn1.c: Forbid Constructives whose value is not an + Array to prevent segfault. Added test. + Mon May 23 06:33:17 2011 Martin Bosslet * ext/openssl/ossl_asn1.c: Forbid Constructive without infinite diff --git a/ext/openssl/ossl_asn1.c b/ext/openssl/ossl_asn1.c index c6f18479d7..cd65195796 100644 --- a/ext/openssl/ossl_asn1.c +++ b/ext/openssl/ossl_asn1.c @@ -1225,19 +1225,22 @@ ossl_asn1cons_to_der(VALUE self) int found_prim = 0, seq_len; long length; unsigned char *p; - VALUE value, str, inf_length, ary, example; + VALUE value, str, inf_length; tn = NUM2INT(ossl_asn1_get_tag(self)); tc = ossl_asn1_tag_class(self); inf_length = ossl_asn1_get_infinite_length(self); if (inf_length == Qtrue) { + VALUE ary, example; constructed = 2; if (CLASS_OF(self) == cASN1Sequence || CLASS_OF(self) == cASN1Set) { tag = ossl_asn1_default_tag(self); } - else { /*BIT_STRING OR OCTET_STRING*/ + else { /* must be a constructive encoding of a primitive value */ ary = ossl_asn1_get_value(self); + if (!rb_obj_is_kind_of(ary, rb_cArray)) + ossl_raise(eASN1Error, "Constructive value must be an Array"); /* Recursively descend until a primitive value is found. The overall value of the entire constructed encoding is of the type of the first primitive encoding to be diff --git a/test/openssl/test_asn1.rb b/test/openssl/test_asn1.rb index 94083f86e4..0122e0fdcb 100644 --- a/test/openssl/test_asn1.rb +++ b/test/openssl/test_asn1.rb @@ -254,6 +254,18 @@ class OpenSSL::TestASN1 < Test::Unit::TestCase end end + def test_cons_without_array_forbidden + assert_raise(OpenSSL::ASN1::ASN1Error) do + val = OpenSSL::ASN1::OctetString.new('a') + cons = OpenSSL::ASN1::Constructive.new(val, + OpenSSL::ASN1::OCTET_STRING, + nil, + :UNIVERSAL) + cons.infinite_length = true + cons.to_der + end + end + def test_seq_infinite_length begin content = [ OpenSSL::ASN1::Null.new(nil),