Bug #4324
closed
[ext/openssl] Parsing of incorrect ASN.1 values succeeds
Description
=begin
Hi,
I read about this bug of OpenSSL this morning: http://rt.openssl.org/Ticket/Display.html?id=2438
What struck me was the following sentence:
"The ASN1 parser should reject indefinite length primitive encodings as
that is illegal."
I tested whether Ruby (trunk) ASN.1 decoding was also affected:
  require 'openssl'
  require 'pp'
  spec = %w{ 02 80 02 01 01 00 00 }
  raw = [spec.join('')].pack('H*')
  asn1 = OpenSSL::ASN1.decode(raw)
  pp asn1
=>
  #<OpenSSL::ASN1::Integer:0x8db2538
   @infinite_length=false,
   @tag=2,
   @tag_class=:UNIVERSAL,
   @tagging=nil,
   @value=0>
This bug is a direct consequence of the bug in OpenSSL referred to above. Parsing
should fail in this case as primitive values cannot have an infinite length without
having the constructed bits set. (A correct encoding for the above would be this:
%w{ 22 80 02 01 01 00 00 }.) But fortunately this is fixed quite easily.
By applying the appended patch, the above script yields this exception:
=>
  test.rb:6:in `decode': Infinite length for primitive value (OpenSSL::ASN1::ASN1Error)
      from test.rb:6:in `<main>'
Regards,
Martin
=end
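
Added example, not part of the original report or its patch: a pure-Ruby walk over BER identifier and length octets that rejects the indefinite-length form on a primitive encoding at any nesting depth. BerError, walk_tlv and check are hypothetical names, only single-octet tags are handled, and the third input is a constructed sample.

```ruby
# Added example, not part of the original report. BerError, walk_tlv and
# check are hypothetical names; single-octet tags only.
class BerError < StandardError; end

# Validates the TLV starting at octets[pos]; returns the index just past it.
def walk_tlv(octets, pos = 0)
  raise BerError, "truncated header" if pos + 2 > octets.size
  ident, len = octets[pos], octets[pos + 1]
  raise BerError, "high tag numbers not handled" if (ident & 0x1f) == 0x1f
  constructed = (ident & 0x20) != 0   # bit 6 of the identifier octet
  pos += 2

  if len == 0x80                      # indefinite form, ends with 00 00
    raise BerError, "Infinite length for primitive value" unless constructed
    until octets[pos, 2] == [0, 0]
      raise BerError, "missing end-of-contents" if pos >= octets.size
      pos = walk_tlv(octets, pos)
    end
    return pos + 2
  end

  if len > 0x80                       # long form: next n octets hold the length
    n = len & 0x7f
    raise BerError, "reserved length octet 0xff" if n == 0x7f
    raise BerError, "truncated length" if pos + n > octets.size
    len = octets[pos, n].inject(0) { |acc, b| (acc << 8) | b }
    pos += n
  end
  stop = pos + len
  raise BerError, "content runs past end of input" if stop > octets.size
  if constructed                      # definite-length constructed: check children
    pos = walk_tlv(octets, pos) while pos < stop
    raise BerError, "child overruns parent" unless pos == stop
  end
  stop
end

# Returns :ok, :trailing_data, or the rejection message for a list of hex octets.
def check(hex_words)
  octets = [hex_words.join].pack('H*').bytes
  walk_tlv(octets) == octets.size ? :ok : :trailing_data
rescue BerError => e
  e.message
end

puts check(%w{ 02 80 02 01 01 00 00 })  # encoding from the report
puts check(%w{ 22 80 02 01 01 00 00 })  # constructed form from the report
puts check(%w{ 30 05 02 80 01 00 00 })  # constructed sample: same flaw nested
```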
Files