asn1: prohibit EOC octets in the middle of the content

This produces broken BER encoding if the indefinite length form is used.
ruby · Jan 20, 2017 · 56894bd · 56894bd
1 parent e137f74
commit 56894bd
Show file tree

Hide file tree

Showing 2 changed files with 16 additions and 1 deletion.
diff --git a/ext/openssl/ossl_asn1.c b/ext/openssl/ossl_asn1.c
@@ -714,13 +714,19 @@ static VALUE
 ossl_asn1cons_encode_value(VALUE self)
 {
     VALUE ary, str;
-    int i;
+    int i, indef_len;
 
+    indef_len = RTEST(ossl_asn1_get_indefinite_length(self));
     ary = rb_convert_type(ossl_asn1_get_value(self), T_ARRAY, "Array", "to_a");
     str = rb_str_new(0, 0);
     for (i = 0; i < RARRAY_LEN(ary); i++) {
 	VALUE item = RARRAY_AREF(ary, i);
 
+	if (indef_len && rb_obj_is_kind_of(item, cASN1EndOfContent)) {
+	    if (i != RARRAY_LEN(ary) - 1)
+		ossl_raise(eASN1Error, "illegal EOC octets in value");
+	}
+
 	item = ossl_to_der_if_possible(item);
 	StringValue(item);
 	rb_str_append(str, item);

diff --git a/test/test_asn1.rb b/test/test_asn1.rb
@@ -325,6 +325,15 @@ def test_sequence
     ])
     expected.indefinite_length = true
     encode_decode_test B(%w{ 30 80 04 01 00 00 00 }), expected
+
+    # OpenSSL::ASN1::EndOfContent can only be at the last
+    obj = OpenSSL::ASN1::Sequence.new([
+      OpenSSL::ASN1::EndOfContent.new,
+      OpenSSL::ASN1::OctetString.new(B(%w{ 00 })),
+      OpenSSL::ASN1::EndOfContent.new,
+    ])
+    obj.indefinite_length = true
+    assert_unencodable obj
   end
 
   def test_set