asn1: limit nesting depth in OpenSSL::ASN1.decode #1060

Merged
rhenium merged 1 commit into ruby:master from rhenium:ky/asn1-decode-limit-recursion
May 30, 2026
rhenium (Member) commented May 29, 2026

Feeding a deeply nested constructed encoding to OpenSSL::ASN1.decode, .decode_all, or .traverse can cause unbounded recursion and result in raising SystemStackError instead of OpenSSL::ASN1::ASN1Error.

Add an explicit nesting depth limit of 200 levels. This is an arbitrary limit and not configurable, but it should be sufficient for typical use cases.

Fixes https://hackerone.com/reports/3662125

rhenium force-pushed the ky/asn1-decode-limit-recursion branch from 1fe4d7d to 85a6263, May 29, 2026 13:38

Feeding a deeply nested constructed encoding to OpenSSL::ASN1.decode,
.decode_all, or .traverse can cause unbounded recursion and result in
SystemStackError.

Add an explicit nesting depth limit of 200 levels and raise
OpenSSL::ASN1::ASN1Error if it is exceeded. This limit is arbitrary and
currently not configurable, but should be sufficient for any practical
use cases.

Fixes https://hackerone.com/reports/3662125

rhenium force-pushed the ky/asn1-decode-limit-recursion branch from 85a6263 to fc75323, May 30, 2026 08:52
rhenium merged commit c7cdca7 into ruby:master May 30, 2026
47 checks passed
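
A defensive pre-check for callers on releases without this change, as an added example that is not part of the pull request or of ruby/openssl: it walks BER/DER tag and length headers iteratively and rejects input nested deeper than 200 constructed levels before it reaches OpenSSL::ASN1.decode. The names `ASN1DepthError` and `asn1_nesting_depth` are hypothetical, and the way levels are counted is an assumption, since the patch itself is not shown on this page.

```ruby
# Added example: iterative nesting-depth pre-check for untrusted BER/DER.
# ASN1DepthError and asn1_nesting_depth are hypothetical names, not ruby/openssl API.
class ASN1DepthError < StandardError; end

MAX_DEPTH = 200 # same figure as the PR; how the patch counts levels is assumed

# Returns the deepest constructed nesting level; raises once it exceeds limit.
def asn1_nesting_depth(data, limit: MAX_DEPTH)
  bytes = data.b
  pos = 0
  open_ends = [] # end offset per open constructed value, nil = indefinite length
  deepest = 0
  while pos < bytes.bytesize
    # Leave every definite-length container that ends at or before pos.
    open_ends.pop while open_ends.last && pos >= open_ends.last
    tag = bytes.getbyte(pos)
    pos += 1
    if tag & 0x1f == 0x1f # high-tag-number form: skip continuation bytes
      loop do
        b = bytes.getbyte(pos) or raise ArgumentError, "truncated tag"
        pos += 1
        break if b & 0x80 == 0
      end
    end
    first = bytes.getbyte(pos) or raise ArgumentError, "truncated length"
    pos += 1
    if first == 0x80
      len = nil # indefinite length, closed by an end-of-contents marker
    elsif first & 0x80 != 0
      n = first & 0x7f
      raise ArgumentError, "truncated length" if pos + n > bytes.bytesize
      len = bytes.byteslice(pos, n).bytes.inject(0) { |acc, b| (acc << 8) | b }
      pos += n
    else
      len = first
    end
    if tag.zero? && len == 0 && !open_ends.empty? && open_ends.last.nil?
      open_ends.pop # end-of-contents closes the innermost indefinite container
    elsif tag & 0x20 != 0 # constructed: descend without recursing
      open_ends.push(len && pos + len)
      deepest = [deepest, open_ends.size].max
      raise ASN1DepthError, "nesting deeper than #{limit}" if deepest > limit
    else
      raise ArgumentError, "primitive with indefinite length" if len.nil?
      pos += len # primitive: skip the contents
    end
  end
  deepest
end
```

Because the walk keeps its own stack of container end offsets, its memory use grows with the input but the Ruby call stack does not, so it cannot itself fail with SystemStackError.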