* ext/openssl/ossl_asn1.c: fix int_ossl_asn1_decode0_cons when being

  fed arbitrary string values.
  Clearly distinguish between the cases "universal, infinite and
  not a SEQUENCE or SET" and "universal SEQUENCE or SET, possibly
  infinite". Raise error for universal tags that are not infinite.
* test/openssl/test_asn1.rb: add a test for this.

  Thanks to Hiroshi Yoshida for reporting this bug.
  [Bug #5363] [ruby-dev:44542]


git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@33333 b2dd03c8-39d4-4d8f-98ff-823fe69b080e

1 files changed, 14 insertions, 4 deletions

diff --git a/ext/openssl/ossl_asn1.c b/ext/openssl/ossl_asn1.c
index fe7256ae61..77f23e3dbc 100644
--- a/ext/openssl/ossl_asn1.c
+++ b/ext/openssl/ossl_asn1.c
@@ -877,13 +877,23 @@ int_ossl_asn1_decode0_cons(unsigned char **pp, long max_len, long length,
 	}
     }
 
-    if (tc == sUNIVERSAL && (tag == V_ASN1_SEQUENCE || V_ASN1_SET)) {
+    if (tc == sUNIVERSAL) {
 	VALUE args[4];
-	VALUE klass = *ossl_asn1_info[tag].klass;
-	if (infinite && tag != V_ASN1_SEQUENCE && tag != V_ASN1_SET) {
-	    asn1data = rb_obj_alloc(cASN1Constructive);
+	int not_sequence_or_set;
+
+	not_sequence_or_set = tag != V_ASN1_SEQUENCE && tag != V_ASN1_SET;
+
+	if (not_sequence_or_set) {
+	    if (infinite) {
+		asn1data = rb_obj_alloc(cASN1Constructive);
+	    }
+	    else {
+		ossl_raise(eASN1Error, "invalid non-infinite tag");
+		return Qnil;
+	    }
 	}
 	else {
+	    VALUE klass = *ossl_asn1_info[tag].klass;
 	    asn1data = rb_obj_alloc(klass);
 	}
 	args[0] = ary;