Fix a panic from an unchecked string slice.

When slicing a string, you get a panic if you do so at any point other than at a character boundary. This happened in the implementation of UTCTime parsing. This bug was introduced in bc156c3, and appears to affect only version 0.6.0. I've tried using the clippy::string_slice lint to confirm that there are not any other string slices in this code. Fixes bug #27. Found via fuzzing.
acw · Nov 14, 2021 · c981004 · c981004
1 parent bc156c3
commit c981004
Showing 1 changed file with 16 additions and 1 deletion.
diff --git a/src/lib.rs b/src/lib.rs
@@ -505,7 +505,13 @@ fn from_der_(i: &[u8], start_offset: usize) -> Result<Vec<ASN1Block>, ASN1Decode
 
                 let v = String::from_iter(body.iter().map(|x| *x as char));
 
-                let y = &v[0..2];
+                let y = match v.get(0..2) {
+                    Some(yy) => yy,
+                    None => {
+                        // This wasn't a valid character boundrary.
+                        return Err(ASN1DecodeErr::InvalidDateValue(v));
+                    }
+                };
 
                 let y_prefix = match y.parse::<u8>() {
                     Err(_) => return Err(ASN1DecodeErr::InvalidDateValue(v)),
@@ -1438,6 +1444,15 @@ mod tests {
         Ok(vec![ASN1Block::Integer(0, val)])
     }
 
+    #[test]
+    fn utc_time_tests() {
+        // Check for a regression against issue #27, in which this would
+        // cause a panic.
+        let input = [55, 13, 13, 133, 13, 13, 50, 13, 13, 133, 13, 13, 50, 13, 133];
+        let output = from_der(&input);
+        assert!(output.is_err());
+    }
+
     #[test]
     fn generalized_time_tests() {
         check_spec(