authoremboss <emboss@b2dd03c8-39d4-4d8f-98ff-823fe69b080e>2011-05-22 21:34:28 +0000
committeremboss <emboss@b2dd03c8-39d4-4d8f-98ff-823fe69b080e>2011-05-22 21:34:28 +0000
commita65d506d83ee126d59576e483bdb6699ec73bbe7 (patch)
tree17e7eec0e75a3ff8344ee709867628dde296d2f0
parente7d04f4b82a96bcda5224c75314e1dcf93f5f277 (diff)
* ext/openssl/ossl_asn1.c: Forbid Constructive without infinite
length. This also prevents a segfault. Added test and improved documentation. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@31701 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
-rw-r--r--ChangeLog6
-rw-r--r--ext/openssl/ossl_asn1.c6
-rw-r--r--test/openssl/test_asn1.rb11
3 files changed, 23 insertions, 0 deletions
diff --git a/ChangeLog b/ChangeLog
index d905a538a1..1ab9d5b4d2 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,9 @@
+Mon May 23 06:33:17 2011 Martin Bosslet <Martin.Bosslet@googlemail.com>
+
+ * ext/openssl/ossl_asn1.c: Forbid Constructive without infinite
+ length. This also prevents a segfault. Added test and improved
+ documentation.
+
Mon May 23 05:58:14 2011 Martin Bosslet <Martin.Bosslet@googlemail.com>
* ext/openssl/ossl_asn1.c: Fix decoding of infinite length values.
diff --git a/ext/openssl/ossl_asn1.c b/ext/openssl/ossl_asn1.c
index 69c736c160..c6f18479d7 100644
--- a/ext/openssl/ossl_asn1.c
+++ b/ext/openssl/ossl_asn1.c
@@ -1260,6 +1260,8 @@ ossl_asn1cons_to_der(VALUE self)
}
}
else {
+ if (CLASS_OF(self) == cASN1Constructive)
+ ossl_raise(eASN1Error, "Constructive shall only be used with infinite length");
tag = ossl_asn1_default_tag(self);
}
explicit = ossl_asn1_is_explicit(self);
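Review bot: The new guard compares `CLASS_OF(self)` with `cASN1Constructive` by identity, so it only matches a plain Constructive instance; `CLASS_OF` yields the singleton class once an object has one, and a user-defined subclass of Constructive is a different class too, so both still fall through to `ossl_asn1_default_tag(self)`. If the segfault named in the commit message comes from that call finding no tag for the class (its body is not visible here, so this is an inference), such objects can still reach it. Using `if (rb_obj_class(self) == cASN1Constructive)` would cover the singleton case, and having the default-tag lookup raise `eASN1Error` when no mapping exists would close the rest regardless of class. The body of ossl_asn1cons_to_der starts and ends outside the hunk.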
@@ -1809,6 +1811,10 @@ Init_ossl_asn1()
* array of the outer infinite length value must end with a
* OpenSSL::ASN1::EndOfContent instance.
*
+ * Please note that it is not possible to encode Constructive without
+ * the +infinite_length+ attribute being set to +true+, use
+ * OpenSSL::ASN1::Sequence or OpenSSL::ASN1::Set in these cases instead.
+ *
* === Example - Infinite length OCTET STRING
* partial1 = OpenSSL::ASN1::OctetString.new("\x01")
* partial2 = OpenSSL::ASN1::OctetString.new("\x02")
diff --git a/test/openssl/test_asn1.rb b/test/openssl/test_asn1.rb
index e29bf438b9..94083f86e4 100644
--- a/test/openssl/test_asn1.rb
+++ b/test/openssl/test_asn1.rb
@@ -243,6 +243,17 @@ class OpenSSL::TestASN1 < Test::Unit::TestCase
assert_equal(raw, asn1.to_der)
end
+ def test_cons_without_inf_length_forbidden
+ assert_raise(OpenSSL::ASN1::ASN1Error) do
+ val = OpenSSL::ASN1::OctetString.new('a')
+ cons = OpenSSL::ASN1::Constructive.new([val],
+ OpenSSL::ASN1::OCTET_STRING,
+ nil,
+ :UNIVERSAL)
+ cons.to_der
+ end
+ end
+
def test_seq_infinite_length
begin
content = [ OpenSSL::ASN1::Null.new(nil),
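Review bot: The `assert_raise` block in test_cons_without_inf_length_forbidden also wraps `OctetString.new` and `Constructive.new`, so an ASN1Error raised during construction would satisfy the test without `to_der` ever running. Build `val` and `cons` before the assertion and keep only the call under test inside it, e.g. `assert_raise(OpenSSL::ASN1::ASN1Error) { cons.to_der }`. A companion case that sets `cons.infinite_length = true` (with the content terminated as the documentation requires) and expects encoding to succeed would pin that the error comes from the new guard and not from some other encoding failure.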