authorKazuki Yamaguchi <k@rhe.jp>2016-12-11 03:20:28 +0900
committerKazuki Yamaguchi <k@rhe.jp>2017-07-23 13:32:35 +0900
commita2b32a48274b592911b91b28072e6f277fa5e116 (patch)
tree7d7ef990e29c2bd9b6968e519a28c23d413d2b8e
parent400d9caa243307aca8666592dddcd90206b8eb65 (diff)
downloadruby-openssl-a2b32a48274b592911b91b28072e6f277fa5e116.tar.gz
asn1: prohibit indefinite length form for primitive encoding
The setter method #indefinite_length= for OpenSSL::ASN1::Primitive is undef-ed, but we can still set 'indefinite_length' to true illegally when constructing an object with the raw OpenSSL::ASN1::ASN1Data. Indefinite length form is not possible in primitive encoding. Raise an exception in OpenSSL::ASN1::ASN1Data#to_der if specified.
-rw-r--r--ext/openssl/ossl_asn1.c2
-rw-r--r--test/test_asn1.rb3
2 files changed, 5 insertions, 0 deletions
diff --git a/ext/openssl/ossl_asn1.c b/ext/openssl/ossl_asn1.c
index b66a8c6e..dfbffecf 100644
--- a/ext/openssl/ossl_asn1.c
+++ b/ext/openssl/ossl_asn1.c
@@ -716,6 +716,8 @@ ossl_asn1data_to_der(VALUE self)
tag_class = ossl_asn1_tag_class(self);
inf_length = ossl_asn1_get_indefinite_length(self);
if (inf_length == Qtrue) {
+ if (is_cons == 0)
+ ossl_raise(eASN1Error, "indefinite form used for primitive encoding");
is_cons = 2;
}
if((length = ASN1_object_size(is_cons, RSTRING_LENINT(value), tag)) <= 0)
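Review bot: The new `if (is_cons == 0)` test is only correct because it runs before `is_cons = 2` overwrites the flag on the very next line, and nothing in the hunk records that ordering or what the values 0 and 2 stand for. is_cons is assigned above the hunk, so this is inferred from the error text, but a later edit that merges or reorders the two statements would silently drop the check and let to_der emit an indefinite-length primitive again. I would add `/* must run before is_cons is set to 2 below: 0 here means primitive encoding */` directly above the `if (is_cons == 0)` line. ossl_asn1data_to_der starts and ends outside the hunk.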
diff --git a/test/test_asn1.rb b/test/test_asn1.rb
index 1b0f0a33..978ab315 100644
--- a/test/test_asn1.rb
+++ b/test/test_asn1.rb
@@ -426,6 +426,9 @@ class OpenSSL::TestASN1 < OpenSSL::TestCase
], 1, :APPLICATION)
obj.indefinite_length = true
encode_decode_test B(%w{ 61 80 C2 02 AB CD 00 00 }), obj
+ obj = OpenSSL::ASN1::ASN1Data.new(B(%w{ AB CD }), 1, :UNIVERSAL)
+ obj.indefinite_length = true
+ assert_raise(OpenSSL::ASN1::ASN1Error) { obj.to_der }
end
def test_basic_primitive
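Review bot: The added case pins the rejection only for a UNIVERSAL-class object, while the check in to_der looks at the primitive/constructed flag and not at the tag class. A second case with another class, e.g. `obj = OpenSSL::ASN1::ASN1Data.new(B(%w{ AB CD }), 1, :CONTEXT_SPECIFIC)` followed by the same two lines, would keep a later tag-class-dependent change from letting the malformed encoding through again. It would also help to assert that the same object encodes without error once `obj.indefinite_length = false` is set, so the test shows the exception is tied to the flag and not to the object. The enclosing test method starts above the hunk.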