From a65d506d83ee126d59576e483bdb6699ec73bbe7 Mon Sep 17 00:00:00 2001
From: emboss <emboss@b2dd03c8-39d4-4d8f-98ff-823fe69b080e>
Date: Sun, 22 May 2011 21:34:28 +0000
Subject: * ext/openssl/ossl_asn1.c: Forbid Constructive without infinite
 length. This also prevents a segfault. Added test and improved documentation.

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@31701 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
---
 ext/openssl/ossl_asn1.c | 6 ++++++
 1 file changed, 6 insertions(+)

(limited to 'ext/openssl/ossl_asn1.c')

diff --git a/ext/openssl/ossl_asn1.c b/ext/openssl/ossl_asn1.c
index 69c736c160..c6f18479d7 100644
--- a/ext/openssl/ossl_asn1.c
+++ b/ext/openssl/ossl_asn1.c
@@ -1260,6 +1260,8 @@ ossl_asn1cons_to_der(VALUE self)
 	}
     }
     else {
+	if (CLASS_OF(self) == cASN1Constructive)
+	    ossl_raise(eASN1Error, "Constructive shall only be used with infinite length");
 	tag = ossl_asn1_default_tag(self);
     }
     explicit = ossl_asn1_is_explicit(self);
@@ -1809,6 +1811,10 @@ Init_ossl_asn1()
      * array of the outer infinite length value must end with a
      * OpenSSL::ASN1::EndOfContent instance.
      *
+     * Please note that it is not possible to encode Constructive without
+     * the +infinite_length+ attribute being set to +true+, use 
+     * OpenSSL::ASN1::Sequence or OpenSSL::ASN1::Set in these cases instead.
+     *
      * === Example - Infinite length OCTET STRING
      *   partial1 = OpenSSL::ASN1::OctetString.new("\x01")
      *   partial2 = OpenSSL::ASN1::OctetString.new("\x02")
-- 
cgit v1.2.3