asn1: prohibit EOC octets in the middle of the content

Including EOC octets in the content produces broken BER encoding if the indefinite length form is used. Raise an exception.
ruby · Apr 27, 2017 · 27d36a5 · 27d36a5
1 parent 86f0169
commit 27d36a5
Show file tree

Hide file tree

Showing 2 changed files with 16 additions and 0 deletions.
diff --git a/ext/openssl/ossl_asn1.c b/ext/openssl/ossl_asn1.c
@@ -1179,12 +1179,19 @@ ossl_asn1cons_to_der(VALUE self)
 {
     VALUE ary, str;
     long i;
+    int indef_len;
 
+    indef_len = RTEST(ossl_asn1_get_indefinite_length(self));
     ary = rb_convert_type(ossl_asn1_get_value(self), T_ARRAY, "Array", "to_a");
     str = rb_str_new(NULL, 0);
     for (i = 0; i < RARRAY_LEN(ary); i++) {
 	VALUE item = RARRAY_AREF(ary, i);
 
+	if (indef_len && rb_obj_is_kind_of(item, cASN1EndOfContent)) {
+	    if (i != RARRAY_LEN(ary) - 1)
+		ossl_raise(eASN1Error, "illegal EOC octets in value");
+	}
+
 	item = ossl_to_der_if_possible(item);
 	StringValue(item);
 	rb_str_append(str, item);

diff --git a/test/test_asn1.rb b/test/test_asn1.rb
@@ -325,6 +325,15 @@ def test_sequence
     ])
     expected.indefinite_length = true
     encode_decode_test B(%w{ 30 80 04 01 00 00 00 }), expected
+
+    # OpenSSL::ASN1::EndOfContent can only be at the last
+    obj = OpenSSL::ASN1::Sequence.new([
+      OpenSSL::ASN1::EndOfContent.new,
+      OpenSSL::ASN1::OctetString.new(B(%w{ 00 })),
+      OpenSSL::ASN1::EndOfContent.new,
+    ])
+    obj.indefinite_length = true
+    assert_unencodable obj
   end
 
   def test_set