--mimepart_4d3f6c59d101_1dc2adc1eaa180f2
Content-Type: text/plain
Content-Transfer-Encoding: Quoted-printable
Content-Disposition: inline

Bug #4324: [ext/openssl] Parsing of incorrect ASN.1 values succeeds
http://redmine.ruby-lang.org/issues/show/4324

Author: Martin Bosslet
Status: Open, Priority: Normal
Category: ext, Target version: 1.9.3
ruby -v: trunk

Hi,

I read about this bug of OpenSSL this morning: http://rt.openssl.org/Ticket/Display.html?id=2438
What struck me was the following sentence:

"The ASN1 parser should reject indefinite length primitive encodings as
that is illegal."

I tested whether Ruby (trunk) ASN.1 decoding was also affected:

require 'openssl'
require 'pp'

spec = %w{ 02 80 02 01 01 00 00 }
raw = [spec.join('')].pack('H*')
asn1 = OpenSSL::ASN1.decode(raw)
pp asn1

=>

#<OpenSSL::ASN1::Integer:0x8db2538
 @infinite_length=false,
 @tag=2,
 @tag_class=:UNIVERSAL,
 @tagging=nil,
 @value=0>

This bug is a direct consequence of the bug in OpenSSL referred to above.arsing
should fail in this case as primitive values cannot have an infinite length without
having the constructed bits set. ( A correct encoding for the above woulde this:
%w{ 22 80 02 01 01 00 00 }) But fortunately this is fixed quite easy.
By applying the appended patch, above script yields this exception:

=>

test.rb:6:in `decode': Infinite length for primitive value (OpenSSL::ASN1::ASN1Error)
	from test.rb:6:in `<main>'

Regards,
Martin


----------------------------------------
http://redmine.ruby-lang.org

--mimepart_4d3f6c59d101_1dc2adc1eaa180f2
Content-Type: text/x-patch; name=fix_primitive_inf_length.diff
Content-Transfer-Encoding: Base64
Content-Disposition: attachment; filename=fix_primitive_inf_length.diff

ClByb3BlcnR5IGNoYW5nZXMgb246IHJ1YnkvZXh0L29wZW5zc2wKX19fX19f
X19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19f
X19fX19fX19fX19fX19fXwpNb2RpZmllZDogc3ZuOmlnbm9yZQogICAtIEdO
VW1ha2VmaWxlCk1ha2VmaWxlCmRlcApleHRjb25mLmgKbWttZi5sb2cKb3Bl
bnNzbC5hCmNvbmZ0ZXN0LmRTWU0KCiAgICsgR05VbWFrZWZpbGUKTWFrZWZp
bGUKZGVwCmV4dGNvbmYuaApta21mLmxvZwpvcGVuc3NsLmEKY29uZnRlc3Qu
ZFNZTQpvcGVuc3NsLnNvCgoKSW5kZXg6IHJ1YnkvZXh0L29wZW5zc2wvb3Nz
bF9hc24xLmMKPT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09
PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PQotLS0gcnVieS9leHQv
b3BlbnNzbC9vc3NsX2FzbjEuYwkocmV2aXNpb24gMzA2NDApCisrKyBydWJ5
L2V4dC9vcGVuc3NsL29zc2xfYXNuMS5jCSh3b3JraW5nIGNvcHkpCkBAIC03
NzIsNiArNzcyLDkgQEAKIAkgICAgZWxzZSB2YWx1ZSA9IG9zc2xfYXNuMV9k
ZWNvZGUwKCZwLCBsZW4sICZvZmYsIGRlcHRoKzEsIDAsIHlpZWxkKTsKIAl9
CiAJZWxzZXsKKwkgICAgaWYgKChqICYgMHgwMSkgJiYgKGxlbiA9PSAwKSkg
eworCQlvc3NsX3JhaXNlKGVBU04xRXJyb3IsICJJbmZpbml0ZSBsZW5ndGgg
Zm9yIHByaW1pdGl2ZSB2YWx1ZSIpOworCSAgICB9CiAJICAgIHZhbHVlID0g
cmJfc3RyX25ldygoY29uc3QgY2hhciAqKXAsIGxlbik7CiAJICAgIHAgKz0g
bGVuOwogCSAgICBvZmYgKz0gbGVuOwpJbmRleDogcnVieS90ZXN0L29wZW5z
c2wvdGVzdF9hc24xLnJiCj09PT09PT09PT09PT09PT09PT09PT09PT09PT09
PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT0KLS0tIHJ1
YnkvdGVzdC9vcGVuc3NsL3Rlc3RfYXNuMS5yYgkocmV2aXNpb24gMzA2NDAp
CisrKyBydWJ5L3Rlc3Qvb3BlbnNzbC90ZXN0X2FzbjEucmIJKHdvcmtpbmcg
Y29weSkKQEAgLTQzMCw0ICs0MzAsMTMgQEAKICAgICBlbmQKICAgZW5kCiAg
IAorICBkZWYgdGVzdF9wcmltaXRpdmVfaW5mX2xlbmd0aAorICAgIGFzc2Vy
dF9yYWlzZXMoT3BlblNTTDo6QVNOMTo6QVNOMUVycm9yKSBkbworICAgICAg
c3BlYyA9ICV3eyAwMiA4MCAwMiAwMSAwMSAwMCAwMCB9CisgICAgICByYXcg
PSBbc3BlYy5qb2luKCcnKV0ucGFjaygnSConKQorICAgICAgT3BlblNTTDo6
QVNOMS5kZWNvZGUocmF3KQorICAgIGVuZAorICBlbmQKKyAgCiBlbmQgaWYg
ZGVmaW5lZD8oT3BlblNTTCkKKwo-mimepart_4d3f6c59d101_1dc2adc1eaa180f2--