Bug #4324

closed

[ext/openssl] Parsing of incorrect ASN.1 values succeeds

Added by MartinBosslet (Martin Bosslet) about 13 years ago. Updated almost 13 years ago.

Status: Closed
Assignee: -
Target version:
ruby -v: trunk
Backport:
[ruby-core:34855]

Description

=begin
Hi,

I read about this bug of OpenSSL this morning: http://rt.openssl.org/Ticket/Display.html?id=2438
What struck me was the following sentence:

"The ASN1 parser should reject indefinite length primitive encodings as
that is illegal."

I tested whether Ruby (trunk) ASN.1 decoding was also affected:

  require 'openssl'
  require 'pp'

  # primitive INTEGER tag (02) with length octet 80, then content and 00 00
  spec = %w{ 02 80 02 01 01 00 00 }
  # hex string -> raw bytes
  raw = [spec.join('')].pack('H*')
  asn1 = OpenSSL::ASN1.decode(raw)
  pp asn1

=>

  #<OpenSSL::ASN1::Integer:0x8db2538
   @infinite_length=false,
   @tag=2,
   @tag_class=:UNIVERSAL,
   @tagging=nil,
   @value=0>

This bug is a direct consequence of the bug in OpenSSL referred to above. Parsing
should fail in this case, as primitive values cannot have an infinite length without
having the constructed bits set. (A correct encoding for the above would be this:
%w{ 22 80 02 01 01 00 00 }.) But fortunately this is fixed quite easily.
By applying the appended patch, the above script yields this exception:

=>

  test.rb:6:in `decode': Infinite length for primitive value (OpenSSL::ASN1::ASN1Error)
          from test.rb:6:in `<main>'

Regards,
Martin
=end


Files

fix_primitive_inf_length.diff (1.25 KB) fix_primitive_inf_length.diff MartinBosslet (Martin Bosslet), 01/26/2011 09:35 AM
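
The rule the report relies on can be checked from the first two octets of an encoding. The following is an added example, not the attached patch or Ruby's own code: a header check that rejects a length octet of 80 unless the constructed bit (0x20) is set in the identifier octet. The names BerHeaderError, check_ber_header and hex are hypothetical, only the outermost header is inspected, and the two sample encodings are the ones from the report.

```ruby
# Added example; helper names are hypothetical and not part of ext/openssl.
class BerHeaderError < StandardError; end

CONSTRUCTED_BIT = 0x20 # bit 6 of the identifier octet
INDEFINITE_LEN  = 0x80 # length octet meaning "content ends at 00 00"

# Parses the identifier and length octets of the first TLV in +raw+.
# Returns a hash describing the header; raises BerHeaderError when the header
# is truncated or combines a primitive tag with indefinite length.
def check_ber_header(raw)
  bytes = raw.bytes
  raise BerHeaderError, 'truncated header' if bytes.size < 2

  ident = bytes[0]
  # High-tag-number form (low five bits all set) is out of scope here.
  raise BerHeaderError, 'high-tag-number form not handled' if (ident & 0x1f) == 0x1f

  constructed = (ident & CONSTRUCTED_BIT) != 0
  len_octet = bytes[1]

  if len_octet == INDEFINITE_LEN
    raise BerHeaderError, 'indefinite length on primitive value' unless constructed
    return { tag: ident & 0x1f, constructed: true, indefinite: true, length: nil, header_len: 2 }
  end

  if len_octet < 0x80 # short form: the octet is the length
    length = len_octet
    header_len = 2
  else                # long form: low seven bits count the length octets
    n = len_octet & 0x7f
    raise BerHeaderError, 'reserved length octet 0xff' if n == 0x7f
    raise BerHeaderError, 'truncated length' if bytes.size < 2 + n
    length = bytes[2, n].inject(0) { |acc, b| (acc << 8) | b }
    header_len = 2 + n
  end
  raise BerHeaderError, 'content shorter than declared length' if bytes.size < header_len + length

  { tag: ident & 0x1f, constructed: constructed, indefinite: false, length: length, header_len: header_len }
end

# Converts a list of hex octets to a binary string, as in the report's script.
def hex(spec)
  [spec.join].pack('H*')
end

BAD  = hex(%w{ 02 80 02 01 01 00 00 }) # primitive INTEGER, indefinite length
GOOD = hex(%w{ 22 80 02 01 01 00 00 }) # same tag with the constructed bit set
```
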