-rw-r--r-- | ChangeLog | 6 | ||||
-rw-r--r-- | ext/openssl/ossl_asn1.c | 6 | ||||
-rw-r--r-- | test/openssl/test_asn1.rb | 11 |
3 files changed, 23 insertions, 0 deletions
@@ -1,3 +1,9 @@
+Mon May 23 06:33:17 2011 Martin Bosslet <[email protected]>
+
+ * ext/openssl/ossl_asn1.c: Forbid Constructive without infinite
+ length. This also prevents a segfault. Added test and improved
+ documentation.
+
 Mon May 23 05:58:14 2011 Martin Bosslet <[email protected]>

 * ext/openssl/ossl_asn1.c: Fix decoding of infinite length values.
diff --git a/ext/openssl/ossl_asn1.c b/ext/openssl/ossl_asn1.c
index 69c736c160..c6f18479d7 100644
--- a/ext/openssl/ossl_asn1.c
+++ b/ext/openssl/ossl_asn1.c
@@ -1260,6 +1260,8 @@ ossl_asn1cons_to_der(VALUE self)
 }
 }
 else {
+ if (CLASS_OF(self) == cASN1Constructive)
+ ossl_raise(eASN1Error, "Constructive shall only be used with infinite length");
 tag = ossl_asn1_default_tag(self);
 }
 explicit = ossl_asn1_is_explicit(self);
@@ -1809,6 +1811,10 @@ Init_ossl_asn1()
 * array of the outer infinite length value must end with a
 * OpenSSL::ASN1::EndOfContent instance.
 *
+ * Please note that it is not possible to encode Constructive without
+ * the +infinite_length+ attribute being set to +true+, use
+ * OpenSSL::ASN1::Sequence or OpenSSL::ASN1::Set in these cases instead.
+ *
 * === Example - Infinite length OCTET STRING
 * partial1 = OpenSSL::ASN1::OctetString.new("\x01")
 * partial2 = OpenSSL::ASN1::OctetString.new("\x02")
diff --git a/test/openssl/test_asn1.rb b/test/openssl/test_asn1.rb
index e29bf438b9..94083f86e4 100644
--- a/test/openssl/test_asn1.rb
+++ b/test/openssl/test_asn1.rb
@@ -243,6 +243,17 @@ class OpenSSL::TestASN1 < Test::Unit::TestCase
 assert_equal(raw, asn1.to_der)
 end

+ def test_cons_without_inf_length_forbidden
+ assert_raise(OpenSSL::ASN1::ASN1Error) do
+ val = OpenSSL::ASN1::OctetString.new('a')
+ cons = OpenSSL::ASN1::Constructive.new([val],
+ OpenSSL::ASN1::OCTET_STRING,
+ nil,
+ :UNIVERSAL)
+ cons.to_der
+ end
+ end
+
 def test_seq_infinite_length
 begin
 content = [ OpenSSL::ASN1::Null.new(nil), |
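Review bot: In the `@@ -1260,6 +1260,8 @@` hunk of ext/openssl/ossl_asn1.c, the new guard tests `CLASS_OF(self) == cASN1Constructive` exactly, so an instance of a user-defined subclass of Constructive skips it and still reaches `ossl_asn1_default_tag(self)`. Whether that path is safe depends on ossl_asn1_default_tag, which is not visible here. Since the ChangeLog entry says this change prevents a segfault, it is worth confirming that the subclass case ends in an ASN1Error rather than a crash, and adding a test for it. A short comment above the check would record the rule, for example `/* plain Constructive is only valid with infinite length; Sequence/Set cover the definite-length case */`. The condition of the enclosing `else` branch and the rest of ossl_asn1cons_to_der lie outside the hunk.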
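Review bot: In test_cons_without_inf_length_forbidden (test/openssl/test_asn1.rb), the `assert_raise` block also wraps `OctetString.new` and `Constructive.new`, so the test would still pass if construction raised ASN1Error and `to_der` were never reached. Build `val` and `cons` before the assertion and keep only the call under test inside it: `assert_raise(OpenSSL::ASN1::ASN1Error) { cons.to_der }`. That ties the test to the encoder check this commit adds in ossl_asn1cons_to_der rather than to any error raised along the way.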