3 files changed, 19 insertions, 0 deletions

diff --git a/ChangeLog b/ChangeLog
index ffddc9cf44..abd1eb324c 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,9 @@
+Wed Jan 26 17:08:59 2011  NAKAMURA, Hiroshi  <nahi@ruby-lang.org>
+
+	* ext/openssl/ossl_asn1.c (ossl_asn1_decode0): OpenSSL::ASN1.decode
+	  should reject indefinite length primitive encodings as that is
+	  illegal. Patch by Martin Bosslet. See #4324.
+
 Wed Jan 26 10:36:28 2011  NARUSE, Yui  <naruse@ruby-lang.org>
 
 	* string.c (=~): documentation fix; the return value is nil when
diff --git a/ext/openssl/ossl_asn1.c b/ext/openssl/ossl_asn1.c
index b67decc5f3..44c19b9795 100644
--- a/ext/openssl/ossl_asn1.c
+++ b/ext/openssl/ossl_asn1.c
@@ -772,6 +772,9 @@ ossl_asn1_decode0(unsigned char **pp, long length, long *offset, long depth,
 	    else value = ossl_asn1_decode0(&p, len, &off, depth+1, 0, yield);
 	}
 	else{
+	    if ((j & 0x01) && (len == 0)) {
+		ossl_raise(eASN1Error, "Infinite length for primitive value");
+	    }
 	    value = rb_str_new((const char *)p, len);
 	    p += len;
 	    off += len;
diff --git a/test/openssl/test_asn1.rb b/test/openssl/test_asn1.rb
index bdd4f88719..4fd4771d7b 100644
--- a/test/openssl/test_asn1.rb
+++ b/test/openssl/test_asn1.rb
@@ -430,4 +430,14 @@ class  OpenSSL::TestASN1 < Test::Unit::TestCase
     end
   end
   
+  def test_primitive_inf_length
+    assert_raises(OpenSSL::ASN1::ASN1Error) do
+      spec = %w{ 02 80 02 01 01 00 00 }
+      raw = [spec.join('')].pack('H*')
+      OpenSSL::ASN1.decode(raw)
+      OpenSSL::ASN1.decode_all(raw)
+    end
+  end
+  
 end if defined?(OpenSSL)
+