Skip to content

Commit

Permalink
der: don't accept padded subidentifiers
Browse files Browse the repository at this point in the history
  • Loading branch information
@tomato42
tomato42 committed Nov 4, 2019
1 parent 1bfb06f commit a127819
Show file tree
Hide file tree
Showing 2 changed files with 10 additions and 0 deletions.
2 changes: 2 additions & 0 deletions src/ecdsa/der.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -217,6 +217,8 @@ def remove_integer(string):
def read_number(string):
number = 0
llen = 0
if str_idx_as_int(string, 0) == 0x80:
raise UnexpectedDER("Non minimal encoding of OID subidentifier")
# base-128 big endian, with b7 set in all but the last byte
while True:
if llen >= len(string):
Expand Down
8 changes: 8 additions & 0 deletions src/ecdsa/test_der.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -311,6 +311,14 @@ def test_with_large_second_subid(self):
self.assertEqual(rest, b'')
self.assertEqual(oid, (2, 999, 3))

def test_with_padded_first_subid(self):
with self.assertRaises(UnexpectedDER):
remove_object(b'\x06\x02\x80\x00')

def test_with_padded_second_subid(self):
with self.assertRaises(UnexpectedDER):
remove_object(b'\x06\x04\x88\x37\x80\x01')

def test_with_missing_last_byte_of_multi_byte(self):
with self.assertRaises(UnexpectedDER):
remove_object(b'\x06\x03\x88\x37\x83')
Expand Down

0 comments on commit a127819

Please sign in to comment.