diff options
author | Kazuki Yamaguchi <k@rhe.jp> | 2017-01-20 15:06:12 +0900 |
---|---|---|
committer | Kazuki Yamaguchi <k@rhe.jp> | 2017-07-23 15:14:43 +0900 |
commit | 1d202b077dce4b2732d902c8d5b488792f578079 (patch) | |
tree | b4df63103acc75cdf75dcf13bf3915c68b9afb81 /ext/openssl/ossl_asn1.c | |
parent | 27e4bad625291b69d3ffdf8675230deeaef4aa39 (diff) | |
download | ruby-openssl-1d202b077dce4b2732d902c8d5b488792f578079.tar.gz |
asn1: prevent EOC octets from being in the middle of the content
Encoding with indefinite length form produces an invalid encoding if the
contents array contains an EOC object in the middle. Raise an exception
in that case.
Diffstat (limited to 'ext/openssl/ossl_asn1.c')
-rw-r--r-- | ext/openssl/ossl_asn1.c | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/ext/openssl/ossl_asn1.c b/ext/openssl/ossl_asn1.c index 842c5b54..87342d68 100644 --- a/ext/openssl/ossl_asn1.c +++ b/ext/openssl/ossl_asn1.c @@ -1177,6 +1177,11 @@ ossl_asn1cons_to_der(VALUE self) for (i = 0; i < RARRAY_LEN(ary); i++) { VALUE item = RARRAY_AREF(ary, i); + if (indef_len && rb_obj_is_kind_of(item, cASN1EndOfContent)) { + if (i != RARRAY_LEN(ary) - 1) + ossl_raise(eASN1Error, "illegal EOC octets in value"); + } + item = ossl_to_der_if_possible(item); StringValue(item); rb_str_append(str, item); |