From a2b32a48274b592911b91b28072e6f277fa5e116 Mon Sep 17 00:00:00 2001
From: Kazuki Yamaguchi
Date: Sun, 11 Dec 2016 03:20:28 +0900
Subject: asn1: prohibit indefinite length form for primitive encoding
The setter method #indefinite_length= for OpenSSL::ASN1::Primitive is undef-ed, but we can still set 'indefinite_length' to true illegally when constructing an object with the raw OpenSSL::ASN1::ASN1Data. Indefinite length form is not possible in primitive encoding. Raise an exception in OpenSSL::ASN1::ASN1Data#to_der if specified.
---
 ext/openssl/ossl_asn1.c | 2 ++
 1 file changed, 2 insertions(+)
(limited to 'ext/openssl/ossl_asn1.c')
diff --git a/ext/openssl/ossl_asn1.c b/ext/openssl/ossl_asn1.c
index b66a8c6e..dfbffecf 100644
--- a/ext/openssl/ossl_asn1.c
+++ b/ext/openssl/ossl_asn1.c
@@ -716,6 +716,8 @@ ossl_asn1data_to_der(VALUE self)
 tag_class = ossl_asn1_tag_class(self);
 inf_length = ossl_asn1_get_indefinite_length(self);
 if (inf_length == Qtrue) {
+ if (is_cons == 0)
+ ossl_raise(eASN1Error, "indefinite form used for primitive encoding");
 is_cons = 2;
 }
 if((length = ASN1_object_size(is_cons, RSTRING_LENINT(value), tag)) <= 0)
-- cgit v1.2.3
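Review bot: The new ASN1Error path in ossl_asn1data_to_der has no regression test in this commit; the diffstat lists only ext/openssl/ossl_asn1.c with 2 insertions. A test should build a raw OpenSSL::ASN1::ASN1Data whose value takes the primitive path, set indefinite_length to true, and assert that #to_der raises ASN1Error. That would stop the encoder from quietly regressing to a primitive TLV with an indefinite-length octet, which strict and lenient BER/DER parsers can interpret differently. The guard relies on is_cons, which is assigned above the hunk, so it cannot be confirmed from here that 0 is the only value meaning "primitive". A comment on the `if (is_cons == 0)` line, such as `/* indefinite length is only legal for constructed encodings (X.690) */`, would record why 0 is rejected before `is_cons = 2` overwrites it. The function body starts and ends outside the hunk.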