diff options
author | Kazuki Yamaguchi <k@rhe.jp> | 2016-11-07 11:11:24 +0900 |
---|---|---|
committer | Kazuki Yamaguchi <k@rhe.jp> | 2016-11-07 11:11:24 +0900 |
commit | c86e2aa39760dc1f9c93ff63084d12d1a950a306 (patch) | |
tree | 0c596c7c52764151e59887e89caae96ed2a383a6 /test | |
parent | db01120382fb7d4ebb3e2a7fe6b407c065e69e3c (diff) | |
parent | 1648afef33c1d97fb203c82291b8a61269e85d3b (diff) | |
download | ruby-openssl-c86e2aa39760dc1f9c93ff63084d12d1a950a306.tar.gz |
Merge branch 'topic/asn1-fix-oob-read-constructed'
* topic/asn1-fix-oob-read-constructed:
asn1: fix out-of-bounds read in decoding constructed objects
Diffstat (limited to 'test')
-rw-r--r-- | test/test_asn1.rb | 23 |
1 files changed, 23 insertions, 0 deletions
diff --git a/test/test_asn1.rb b/test/test_asn1.rb index 612c59a2..ed0013c4 100644 --- a/test/test_asn1.rb +++ b/test/test_asn1.rb @@ -535,6 +535,29 @@ rEzBQ0F9dUyqQ9gyRg8KHhDfv9HzT1d/rnUZMkoombwYBRIUChGCYV0GnJcan2Zm assert_equal(false, asn1.value[3].infinite_length) end + def test_decode_constructed_overread + test = %w{ 31 06 31 02 30 02 05 00 } + # ^ <- invalid + raw = [test.join].pack("H*") + ret = [] + assert_raise(OpenSSL::ASN1::ASN1Error) { + OpenSSL::ASN1.traverse(raw) { |x| ret << x } + } + assert_equal 2, ret.size + assert_equal 17, ret[0][6] + assert_equal 17, ret[1][6] + + test = %w{ 31 80 30 03 00 00 } + # ^ <- invalid + raw = [test.join].pack("H*") + ret = [] + assert_raise(OpenSSL::ASN1::ASN1Error) { + OpenSSL::ASN1.traverse(raw) { |x| ret << x } + } + assert_equal 1, ret.size + assert_equal 17, ret[0][6] + end + private def assert_universal(tag, asn1) |