From a65d506d83ee126d59576e483bdb6699ec73bbe7 Mon Sep 17 00:00:00 2001 From: emboss Date: Sun, 22 May 2011 21:34:28 +0000 Subject: [PATCH] * ext/openssl/ossl_asn1.c: Forbid Constructive without infinite length. This also prevents a segfault. Added test and improved documentation. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@31701 b2dd03c8-39d4-4d8f-98ff-823fe69b080e --- ChangeLog | 6 ++++++ ext/openssl/ossl_asn1.c | 6 ++++++ test/openssl/test_asn1.rb | 11 +++++++++++ 3 files changed, 23 insertions(+) diff --git a/ChangeLog b/ChangeLog index d905a538a1..1ab9d5b4d2 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,9 @@ +Mon May 23 06:33:17 2011 Martin Bosslet + + * ext/openssl/ossl_asn1.c: Forbid Constructive without infinite + length. This also prevents a segfault. Added test and improved + documentation. + Mon May 23 05:58:14 2011 Martin Bosslet * ext/openssl/ossl_asn1.c: Fix decoding of infinite length values. diff --git a/ext/openssl/ossl_asn1.c b/ext/openssl/ossl_asn1.c index 69c736c160..c6f18479d7 100644 --- a/ext/openssl/ossl_asn1.c +++ b/ext/openssl/ossl_asn1.c @@ -1260,6 +1260,8 @@ ossl_asn1cons_to_der(VALUE self) } } else { + if (CLASS_OF(self) == cASN1Constructive) + ossl_raise(eASN1Error, "Constructive shall only be used with infinite length"); tag = ossl_asn1_default_tag(self); } explicit = ossl_asn1_is_explicit(self); @@ -1809,6 +1811,10 @@ Init_ossl_asn1() * array of the outer infinite length value must end with a * OpenSSL::ASN1::EndOfContent instance. * + * Please note that it is not possible to encode Constructive without + * the +infinite_length+ attribute being set to +true+, use + * OpenSSL::ASN1::Sequence or OpenSSL::ASN1::Set in these cases instead. + * * === Example - Infinite length OCTET STRING * partial1 = OpenSSL::ASN1::OctetString.new("\x01") * partial2 = OpenSSL::ASN1::OctetString.new("\x02") diff --git a/test/openssl/test_asn1.rb b/test/openssl/test_asn1.rb index e29bf438b9..94083f86e4 100644 --- a/test/openssl/test_asn1.rb 
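Review bot: The new guard in the `else` branch compares `CLASS_OF(self)` with `cASN1Constructive`, and `CLASS_OF` returns an object's singleton class when it has one, so a Constructive instance that was extended or given a singleton method would not match and would fall through to `ossl_asn1_default_tag(self)`. Since the commit message says this check also prevents a segfault, the comparison should use the real class: `if (rb_obj_class(self) == cASN1Constructive)`. A user-defined subclass of Constructive would also pass an exact-class test; whether that path is safe depends on `ossl_asn1_default_tag`, which is not visible here. `ossl_asn1cons_to_der` starts and ends outside the hunk.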
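Review bot: The paragraph added to the Constructive documentation says such a value cannot be encoded, but not how the failure surfaces. Judging from the `ossl_asn1cons_to_der` hunk in this patch, the error appears to be raised only at encoding time rather than on construction. The text could end with a sentence such as `Calling +to_der+ on such an instance raises OpenSSL::ASN1::ASN1Error.` The comment block continues outside the hunk.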
+++ b/test/openssl/test_asn1.rb
@@ -243,6 +243,17 @@ class OpenSSL::TestASN1 < Test::Unit::TestCase
 assert_equal(raw, asn1.to_der)
 end
 
+ def test_cons_without_inf_length_forbidden
+ assert_raise(OpenSSL::ASN1::ASN1Error) do
+ val = OpenSSL::ASN1::OctetString.new('a')
+ cons = OpenSSL::ASN1::Constructive.new([val],
+ OpenSSL::ASN1::OCTET_STRING,
+ nil,
+ :UNIVERSAL)
+ cons.to_der
+ end
+ end
+
 def test_seq_infinite_length
 begin
 content = [ OpenSSL::ASN1::Null.new(nil),
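Review bot: The `assert_raise` block in `test_cons_without_inf_length_forbidden` wraps the `OctetString.new` and `Constructive.new` calls as well as `cons.to_der`, so the test would also pass if construction raised ASN1Error and the encoder was never reached. As this is the regression test for a fix the commit message ties to a segfault, it should pin the failing call. Build `val` and `cons` before the block and keep only the encoding inside it: `assert_raise(OpenSSL::ASN1::ASN1Error) { cons.to_der }`. The test method lies entirely within the hunk; the enclosing class continues outside it.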