diff options
author | emboss <emboss@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> | 2011-09-25 14:51:20 +0000 |
---|---|---|
committer | emboss <emboss@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> | 2011-09-25 14:51:20 +0000 |
commit | 8b7e10879ea7e78584e4d37ecf535fb2ddc57206 (patch) | |
tree | 953923aba926fee9f26d3f218b4dc78634765dd0 /ext | |
parent | b4bc086a1feb6b099115926f4639e20b6c7d3da2 (diff) | |
download | ruby-8b7e10879ea7e78584e4d37ecf535fb2ddc57206.tar.gz |
* ext/openssl/ossl_asn1.c: fix int_ossl_asn1_decode0_cons when being
fed arbitrary string values.
Clearly distinguish between the cases "universal, infinite and
not a SEQUENCE or SET" and "universal SEQUENCE or SET, possibly
infinite". Raise error for universal tags that are not infinite.
* test/openssl/test_asn1.rb: add a test for this.
Thanks to Hiroshi Yoshida for reporting this bug.
[Bug #5363] [ruby-dev:44542]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@33333 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
Diffstat (limited to 'ext')
-rw-r--r-- | ext/openssl/ossl_asn1.c | 18 |
1 files changed, 14 insertions, 4 deletions
diff --git a/ext/openssl/ossl_asn1.c b/ext/openssl/ossl_asn1.c index fe7256ae61..77f23e3dbc 100644 --- a/ext/openssl/ossl_asn1.c +++ b/ext/openssl/ossl_asn1.c @@ -877,13 +877,23 @@ int_ossl_asn1_decode0_cons(unsigned char **pp, long max_len, long length, } } - if (tc == sUNIVERSAL && (tag == V_ASN1_SEQUENCE || V_ASN1_SET)) { + if (tc == sUNIVERSAL) { VALUE args[4]; - VALUE klass = *ossl_asn1_info[tag].klass; - if (infinite && tag != V_ASN1_SEQUENCE && tag != V_ASN1_SET) { - asn1data = rb_obj_alloc(cASN1Constructive); + int not_sequence_or_set; + + not_sequence_or_set = tag != V_ASN1_SEQUENCE && tag != V_ASN1_SET; + + if (not_sequence_or_set) { + if (infinite) { + asn1data = rb_obj_alloc(cASN1Constructive); + } + else { + ossl_raise(eASN1Error, "invalid non-infinite tag"); + return Qnil; + } } else { + VALUE klass = *ossl_asn1_info[tag].klass; asn1data = rb_obj_alloc(klass); } args[0] = ary; |