summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--ChangeLog12
-rw-r--r--ext/openssl/ossl_asn1.c18
-rw-r--r--test/openssl/test_asn1.rb25
3 files changed, 51 insertions, 4 deletions
diff --git a/ChangeLog b/ChangeLog
index f6f4800bec..44e96f965a 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,15 @@
+Sun Sep 25 23:43:32 2011 Martin Bosslet <Martin.Bosslet@googlemail.com>
+
+ * ext/openssl/ossl_asn1.c: fix int_ossl_asn1_decode0_cons when being
+ fed arbitrary string values.
+ Clearly distinguish between the cases "universal, infinite and
+ not a SEQUENCE or SET" and "universal SEQUENCE or SET, possibly
+ infinite". Raise error for universal tags that are not infinite.
+ * test/openssl/test_asn1.rb: add a test for this.
+
+ Thanks to Hiroshi Yoshida for reporting this bug.
+ [Bug #5363] [ruby-dev:44542]
+
Sun Sep 25 20:57:18 2011 Ayumu AIZAWA <ayumu.aizawa@gmail.com>
* test/syck/test/yamldbm.rb: add test for Syck::DBM.
diff --git a/ext/openssl/ossl_asn1.c b/ext/openssl/ossl_asn1.c
index fe7256ae61..77f23e3dbc 100644
--- a/ext/openssl/ossl_asn1.c
+++ b/ext/openssl/ossl_asn1.c
@@ -877,13 +877,23 @@ int_ossl_asn1_decode0_cons(unsigned char **pp, long max_len, long length,
}
}
- if (tc == sUNIVERSAL && (tag == V_ASN1_SEQUENCE || V_ASN1_SET)) {
+ if (tc == sUNIVERSAL) {
VALUE args[4];
- VALUE klass = *ossl_asn1_info[tag].klass;
- if (infinite && tag != V_ASN1_SEQUENCE && tag != V_ASN1_SET) {
- asn1data = rb_obj_alloc(cASN1Constructive);
+ int not_sequence_or_set;
+
+ not_sequence_or_set = tag != V_ASN1_SEQUENCE && tag != V_ASN1_SET;
+
+ if (not_sequence_or_set) {
+ if (infinite) {
+ asn1data = rb_obj_alloc(cASN1Constructive);
+ }
+ else {
+ ossl_raise(eASN1Error, "invalid non-infinite tag");
+ return Qnil;
+ }
}
else {
+ VALUE klass = *ossl_asn1_info[tag].klass;
asn1data = rb_obj_alloc(klass);
}
args[0] = ary;
diff --git a/test/openssl/test_asn1.rb b/test/openssl/test_asn1.rb
index 31fd2c3251..09324761da 100644
--- a/test/openssl/test_asn1.rb
+++ b/test/openssl/test_asn1.rb
@@ -204,6 +204,31 @@ class OpenSSL::TestASN1 < Test::Unit::TestCase
end
end
+ def test_decode_pem #should fail gracefully (cf. [ruby-dev:44542])
+ pem = <<-_EOS_
+-----BEGIN CERTIFICATE-----
+MIIC8zCCAdugAwIBAgIBATANBgkqhkiG9w0BAQUFADA9MRMwEQYKCZImiZPyLGQB
+GRYDb3JnMRkwFwYKCZImiZPyLGQBGRYJcnVieS1sYW5nMQswCQYDVQQDDAJDQTAe
+Fw0xMTA5MjUxMzQ4MjZaFw0xMTA5MjUxNDQ4MjZaMD0xEzARBgoJkiaJk/IsZAEZ
+FgNvcmcxGTAXBgoJkiaJk/IsZAEZFglydWJ5LWxhbmcxCzAJBgNVBAMMAkNBMIIB
+IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuV9ht9J7k4NBs38jOXvvTKY9
+gW8nLICSno5EETR1cuF7i4pNs9I1QJGAFAX0BEO4KbzXmuOvfCpD3CU+Slp1enen
+fzq/t/e/1IRW0wkJUJUFQign4CtrkJL+P07yx18UjyPlBXb81ApEmAB5mrJVSrWm
+qbjs07JbuS4QQGGXLc+Su96DkYKmSNVjBiLxVVSpyZfAY3hD37d60uG+X8xdW5v6
+8JkRFIhdGlb6JL8fllf/A/blNwdJOhVr9mESHhwGjwfSeTDPfd8ZLE027E5lyAVX
+9KZYcU00mOX+fdxOSnGqS/8JDRh0EPHDL15RcJjV2J6vZjPb0rOYGDoMcH+94wID
+AQABMA0GCSqGSIb3DQEBBQUAA4IBAQAiAtrIr1pLX4GYN5klviWKb8HC9ICYuAFI
+NfE3FwqzErEVXotuMe3yPVyB3Bv6rjYY/x5EtS5+WPTbHlvHZTkfcsnTpizcn4mW
+dJ6dDRaFCHt1YKKjUxqBt9lvvrc3nReYZN/P+s1mrDhWzGf8iPZgf8sFUHgnaK7W
+CXRVXmPFgCDRNpDDVQ0MQkr509yYfTH+dujNzqTCwSvkyZFyQ7Oe8Yj0VR6kquG3
+rEzBQ0F9dUyqQ9gyRg8KHhDfv9HzT1d/rnUZMkoombwYBRIUChGCYV0GnJcan2Zm
+/93PnPG1IvPjYNd5VlV+sXSnaxQn974HRCsMv7jA8BD6IgSaX6WK
+-----END CERTIFICATE-----
+ _EOS_
+ assert_raise(OpenSSL::ASN1::ASN1Error) { OpenSSL::ASN1.decode(pem) }
+ assert_raise(OpenSSL::ASN1::ASN1Error) { OpenSSL::ASN1.decode_all(pem) }
+ end
+
def test_primitive_cannot_set_infinite_length
begin
prim = OpenSSL::ASN1::Integer.new(50)