asn1: prevent EOC octets from being in the middle of the content

Encoding with indefinite length form produces an invalid encoding if the contents array contains an EOC object in the middle. Raise an exception in that case.
author: Kazuki Yamaguchi <k@rhe.jp> 2017-01-20 15:06:12 +0900
committer: Kazuki Yamaguchi <k@rhe.jp> 2017-07-23 15:14:43 +0900
commit: 1d202b077dce4b2732d902c8d5b488792f578079 (patch)
tree: b4df63103acc75cdf75dcf13bf3915c68b9afb81 /ext/openssl/ossl_asn1.c
parent: 27e4bad625291b69d3ffdf8675230deeaef4aa39 (diff)
download: ruby-openssl-1d202b077dce4b2732d902c8d5b488792f578079.tar.gz
1 files changed, 5 insertions, 0 deletions
diff --git a/ext/openssl/ossl_asn1.c b/ext/openssl/ossl_asn1.c
index 842c5b54..87342d68 100644
--- a/ext/openssl/ossl_asn1.c
+++ b/ext/openssl/ossl_asn1.c
@@ -1177,6 +1177,11 @@ ossl_asn1cons_to_der(VALUE self)
     for (i = 0; i < RARRAY_LEN(ary); i++) {
 	VALUE item = RARRAY_AREF(ary, i);
 
+	if (indef_len && rb_obj_is_kind_of(item, cASN1EndOfContent)) {
+	    if (i != RARRAY_LEN(ary) - 1)
+		ossl_raise(eASN1Error, "illegal EOC octets in value");
+	}
+
 	item = ossl_to_der_if_possible(item);
 	StringValue(item);
 	rb_str_append(str, item);
author	Kazuki Yamaguchi <k@rhe.jp>	2017-01-20 15:06:12 +0900
committer	Kazuki Yamaguchi <k@rhe.jp>	2017-07-23 15:14:43 +0900
commit	1d202b077dce4b2732d902c8d5b488792f578079 (patch)
tree	b4df63103acc75cdf75dcf13bf3915c68b9afb81 /ext/openssl/ossl_asn1.c
parent	27e4bad625291b69d3ffdf8675230deeaef4aa39 (diff)
download	ruby-openssl-1d202b077dce4b2732d902c8d5b488792f578079.tar.gz