kotovalexarian-likes-github/ruby--ruby
1
0
Fork 0
mirror of https://github.com/ruby/ruby.git synced 2022-11-09 12:17:21 -05:00
Code Releases Activity

* ext/openssl/ossl_asn1.c: Forbid Constructive without infinite

Browse source 
length. This also prevents a segfault. Added test and improved
documentation.


git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@31701 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
This commit is contained in:
emboss 2011-05-22 21:34:28 +00:00
parent e7d04f4b82
commit a65d506d83
3 changed files with 23 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
ChangeLog
View file

@ -1,3 +1,9 @@
Mon May 23 06:33:17 2011 Martin Bosslet <Martin.Bosslet@googlemail.com>
* ext/openssl/ossl_asn1.c: Forbid Constructive without infinite
length. This also prevents a segfault. Added test and improved
documentation.
Mon May 23 05:58:14 2011 Martin Bosslet <Martin.Bosslet@googlemail.com> Mon May 23 05:58:14 2011 Martin Bosslet <Martin.Bosslet@googlemail.com>
* ext/openssl/ossl_asn1.c: Fix decoding of infinite length values. * ext/openssl/ossl_asn1.c: Fix decoding of infinite length values.

6
ext/openssl/ossl_asn1.c
View file

@ -1260,6 +1260,8 @@ ossl_asn1cons_to_der(VALUE self)
} }
} }
else { else {
if (CLASS_OF(self) == cASN1Constructive)
ossl_raise(eASN1Error, "Constructive shall only be used with infinite length");
tag = ossl_asn1_default_tag(self); tag = ossl_asn1_default_tag(self);
} }
explicit = ossl_asn1_is_explicit(self); explicit = ossl_asn1_is_explicit(self);
@ -1809,6 +1811,10 @@ Init_ossl_asn1()
* array of the outer infinite length value must end with a * array of the outer infinite length value must end with a
* OpenSSL::ASN1::EndOfContent instance. * OpenSSL::ASN1::EndOfContent instance.
* *
* Please note that it is not possible to encode Constructive without
* the +infinite_length+ attribute being set to +true+, use
* OpenSSL::ASN1::Sequence or OpenSSL::ASN1::Set in these cases instead.
*
* === Example - Infinite length OCTET STRING * === Example - Infinite length OCTET STRING
* partial1 = OpenSSL::ASN1::OctetString.new("\x01") * partial1 = OpenSSL::ASN1::OctetString.new("\x01")
* partial2 = OpenSSL::ASN1::OctetString.new("\x02") * partial2 = OpenSSL::ASN1::OctetString.new("\x02")

11
test/openssl/test_asn1.rb
View file

@ -243,6 +243,17 @@ class OpenSSL::TestASN1 < Test::Unit::TestCase
assert_equal(raw, asn1.to_der) assert_equal(raw, asn1.to_der)
end end
def test_cons_without_inf_length_forbidden
assert_raise(OpenSSL::ASN1::ASN1Error) do
val = OpenSSL::ASN1::OctetString.new('a')
cons = OpenSSL::ASN1::Constructive.new([val],
OpenSSL::ASN1::OCTET_STRING,
nil,
:UNIVERSAL)
cons.to_der
end
end
def test_seq_infinite_length def test_seq_infinite_length
begin begin
content = [ OpenSSL::ASN1::Null.new(nil), content = [ OpenSSL::ASN1::Null.new(nil),