1berry/ruby
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

[ruby/openssl] asn1: check for missing EOC in indefinite length encoding

Browse Source 
EOC octets are required at the end of contents of a constructed encoding
that uses the indefinite length form. This cannot be assumed from the
end of the input. Raise an exception when necessary.

https://github.com/ruby/openssl/commit/bc20c13a7c
This commit is contained in:
Kazuki Yamaguchi 2025-02-23 00:18:38 +09:00 committed by git
parent c218862d3c
commit 93afcfcde3
2 changed files with 11 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
ext/openssl/ossl_asn1.c
View File

@ -797,10 +797,12 @@ int_ossl_asn1_decode0_cons(unsigned char **pp, long max_len, long length,
*num_read += inner_read; *num_read += inner_read;
available_len -= inner_read; available_len -= inner_read;
if (indefinite && if (indefinite) {
ossl_asn1_tag(value) == V_ASN1_EOC && if (ossl_asn1_tag(value) == V_ASN1_EOC &&
ossl_asn1_get_tag_class(value) == sym_UNIVERSAL) { ossl_asn1_get_tag_class(value) == sym_UNIVERSAL)
break; break;
if (available_len == 0)
ossl_raise(eASN1Error, "EOC missing in indefinite length encoding");
} }
rb_ary_push(ary, value); rb_ary_push(ary, value);
} }

5
test/openssl/test_asn1.rb
View File

@ -389,6 +389,11 @@ class OpenSSL::TestASN1 < OpenSSL::TestCase
]) ])
expected.indefinite_length = true expected.indefinite_length = true
encode_test B(%w{ 30 80 04 01 00 00 00 }), expected encode_test B(%w{ 30 80 04 01 00 00 00 }), expected
# Missing EOC at the end of contents octets
assert_raise(OpenSSL::ASN1::ASN1Error) {
OpenSSL::ASN1.decode(B(%w{ 30 80 01 01 FF }))
}
end end
def test_set def test_set