Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

SEQUENCE OF/SET OF generate infinite loop in constraint check (again!) #379

Closed
robstradling opened this issue May 15, 2020 · 5 comments
Closed

SEQUENCE OF/SET OF generate infinite loop in constraint check (again!) #379

robstradling opened this issue May 15, 2020 · 5 comments

Comments

@robstradling
Copy link
Contributor

It looks like 14e75ed caused a regression w.r.t. dfc9314.

I'm seeing exactly the same behaviour (infinite loop) as described in #195 when trying to check the constraints for a PKIX SubjectAltName.
robstradling pushed a commit to robstradling/asn1c that referenced this issue May 15, 2020
fix issue vlm#379
0322b8a
robstradling added a commit to robstradling/asn1c that referenced this issue May 15, 2020
@robstradling
fix issue vlm#379
e404a34
@mouse07410
Copy link

@robstradling could you please provide a simple/small reproducer?

@robstradling
Copy link
Contributor Author

@mouse07410 Please take a look at https://github.com/certlint/certlint. It's an X.509 certificate linter written in Ruby, which incorporates a C library (asn1validator.so) that's largely autogenerated by asn1c. https://github.com/certlint/certlint/tree/master/ext/README provides instructions (including applying the patch from this PR) for building asn1validator.so.
Without the patch from this PR, certlint hangs whenever it attempts to process a certificate that contains a Subject Alternative Name extension (see https://tools.ietf.org/html/rfc5280#section-4.2.1.6). With the patch from this PR applied, it doesn't hang.

@mouse07410
Copy link

mouse07410 commented Jul 1, 2020
edited

Oh, so the asn1c code is used in a package that makes this behavior manifested.

I was thinking of a small C program (ideally, less than 100 lines of code) with a set of ASN.1 files (presumably from PKIX) that would demonstrate this hangup.

Building and debugging a Ruby app sounds less enticing... :-(

And in its current form, I can't even apply this patch, because it breaks the existing CI.

robstradling added a commit to robstradling/asn1c that referenced this issue Jul 1, 2020
@robstradling
Fix vlm#379
a288399
vlm pushed a commit that referenced this issue Jul 7, 2020
@robstradling @vlm
fix issue #379
ca81457
vlm added a commit that referenced this issue Jul 7, 2020
@vlm
Follow-up to #379
46b394d
@vlm
Copy link
Owner

vlm commented Jul 7, 2020

Patch accepted, thank you!

@vlm vlm closed this as completed Jul 7, 2020
@robstradling
Copy link
Contributor Author

Thanks @vlm !

robstradling added a commit to robstradling/asn1c that referenced this issue Jul 7, 2020
@robstradling
Follow-up to vlm#379
66d0366
mouse07410 pushed a commit to mouse07410/asn1c that referenced this issue Jul 7, 2020
@robstradling @mouse07410
Follow-up to vlm#379
ca3d87a
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@vlm @robstradling @mouse07410