-rw-r--r-- | ext/openssl/ossl_asn1.c | 5 | ||||
-rw-r--r-- | test/test_asn1.rb | 9 |
2 files changed, 14 insertions, 0 deletions
diff --git a/ext/openssl/ossl_asn1.c b/ext/openssl/ossl_asn1.c
index 842c5b54..87342d68 100644
--- a/ext/openssl/ossl_asn1.c
+++ b/ext/openssl/ossl_asn1.c
@@ -1177,6 +1177,11 @@ ossl_asn1cons_to_der(VALUE self)
 for (i = 0; i < RARRAY_LEN(ary); i++) {
 VALUE item = RARRAY_AREF(ary, i);
+ if (indef_len && rb_obj_is_kind_of(item, cASN1EndOfContent)) {
+ if (i != RARRAY_LEN(ary) - 1)
+ ossl_raise(eASN1Error, "illegal EOC octets in value");
+ }
+
 item = ossl_to_der_if_possible(item);
 StringValue(item);
 rb_str_append(str, item);
diff --git a/test/test_asn1.rb b/test/test_asn1.rb
index 223b11a5..d3945d36 100644
--- a/test/test_asn1.rb
+++ b/test/test_asn1.rb
@@ -345,6 +345,15 @@ class OpenSSL::TestASN1 < OpenSSL::TestCase
 ])
 expected.indefinite_length = true
 encode_decode_test B(%w{ 30 80 04 01 00 00 00 }), expected
+
+ # OpenSSL::ASN1::EndOfContent can only be at the end
+ obj = OpenSSL::ASN1::Sequence.new([
+ OpenSSL::ASN1::EndOfContent.new,
+ OpenSSL::ASN1::OctetString.new(B(%w{ 00 })),
+ OpenSSL::ASN1::EndOfContent.new,
+ ])
+ obj.indefinite_length = true
+ assert_raise(OpenSSL::ASN1::ASN1Error) { obj.to_der }
 end
 def test_set |
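Review bot: The new guard in the `for` loop recognises end-of-contents by Ruby class (`rb_obj_is_kind_of(item, cASN1EndOfContent)`) before `ossl_to_der_if_possible()` runs, so an element that is not an `EndOfContent` instance but whose encoding begins with the octets `00 00` would presumably still be appended in the middle of an indefinite-length value. A decoder reading that output would treat those octets as the terminator and stop early, so the encoded value and the Ruby object would disagree. Consider checking the encoded bytes after `StringValue(item)` instead, e.g. `if (indef_len && i != RARRAY_LEN(ary) - 1 && RSTRING_LEN(item) >= 2 && memcmp(RSTRING_PTR(item), "\0\0", 2) == 0)` followed by the same `ossl_raise`. The added case in test/test_asn1.rb only exercises an `EndOfContent` object, so it would not catch this; a second `assert_raise` with a pre-encoded string element would pin it. ossl_asn1cons_to_der starts and ends outside the hunk, so a check elsewhere in the function cannot be ruled out from here.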