asn1: check for illegal 'unused_bits' value of BitString

Invalid values such as nil or values not in the range 0 to 7 are
silently coerced into the valid range. This behavior is confusing and
hides user bugs. Raise an exception instead if an illegal value is
specified.

1 files changed, 6 insertions, 5 deletions

diff --git a/ext/openssl/ossl_asn1.c b/ext/openssl/ossl_asn1.c
index c0dab131..59ef226a 100644
--- a/ext/openssl/ossl_asn1.c
+++ b/ext/openssl/ossl_asn1.c
@@ -204,13 +204,15 @@ obj_to_asn1bstr(VALUE obj, long unused_bits)
 {
     ASN1_BIT_STRING *bstr;
 
-    if(unused_bits < 0) unused_bits = 0;
+    if (unused_bits < 0 || unused_bits > 7)
+	ossl_raise(eASN1Error, "unused_bits for a bitstring value must be in "\
+		   "the range 0 to 7");
     StringValue(obj);
     if(!(bstr = ASN1_BIT_STRING_new()))
 	ossl_raise(eASN1Error, NULL);
     ASN1_BIT_STRING_set(bstr, (unsigned char *)RSTRING_PTR(obj), RSTRING_LENINT(obj));
     bstr->flags &= ~(ASN1_STRING_FLAG_BITS_LEFT|0x07); /* clear */
-    bstr->flags |= ASN1_STRING_FLAG_BITS_LEFT|(unused_bits&0x07);
+    bstr->flags |= ASN1_STRING_FLAG_BITS_LEFT | unused_bits;
 
     return bstr;
 }
@@ -498,7 +500,7 @@ ossl_asn1_get_asn1type(VALUE obj)
     VALUE value, rflag;
     void *ptr;
     void (*free_func)();
-    int tag, flag;
+    int tag;
 
     tag = ossl_asn1_default_tag(obj);
     value = ossl_asn1_get_value(obj);
@@ -514,8 +516,7 @@ ossl_asn1_get_asn1type(VALUE obj)
 	break;
     case V_ASN1_BIT_STRING:
         rflag = rb_attr_get(obj, sivUNUSED_BITS);
-        flag = NIL_P(rflag) ? -1 : NUM2INT(rflag);
-	ptr = obj_to_asn1bstr(value, flag);
+	ptr = obj_to_asn1bstr(value, NUM2INT(rflag));
 	free_func = ASN1_BIT_STRING_free;
 	break;
     case V_ASN1_NULL: