asn1: prohibit indefinite length form for primitive encoding

rhenium · rhenium · commit a2b32a48274b · 2017-07-23T13:32:35.000+09:00
The setter method #indefinite_length= for OpenSSL::ASN1::Primitive is
undef-ed, but we can still set 'indefinite_length' to true illegally
when constructing an object with the raw OpenSSL::ASN1::ASN1Data.

Indefinite length form is not possible in primitive encoding. Raise an
exception in OpenSSL::ASN1::ASN1Data#to_der if specified.
diff --git a/ext/openssl/ossl_asn1.c b/ext/openssl/ossl_asn1.c
@@ -716,6 +716,8 @@ ossl_asn1data_to_der(VALUE self)
     tag_class = ossl_asn1_tag_class(self);
     inf_length = ossl_asn1_get_indefinite_length(self);
     if (inf_length == Qtrue) {
+	if (is_cons == 0)
+	    ossl_raise(eASN1Error, "indefinite form used for primitive encoding");
 	is_cons = 2;
     }
     if((length = ASN1_object_size(is_cons, RSTRING_LENINT(value), tag)) <= 0)
diff --git a/test/test_asn1.rb b/test/test_asn1.rb
@@ -426,6 +426,9 @@ def test_basic_asn1data
     ], 1, :APPLICATION)
     obj.indefinite_length = true
     encode_decode_test B(%w{ 61 80 C2 02 AB CD 00 00 }), obj
+    obj = OpenSSL::ASN1::ASN1Data.new(B(%w{ AB CD }), 1, :UNIVERSAL)
+    obj.indefinite_length = true
+    assert_raise(OpenSSL::ASN1::ASN1Error) { obj.to_der }
   end
 
   def test_basic_primitive

Original file line number	Diff line number	Diff line change
`@@ -716,6 +716,8 @@ ossl_asn1data_to_der(VALUE self)`
`716`	`716`	`tag_class = ossl_asn1_tag_class(self);`
`717`	`717`	`inf_length = ossl_asn1_get_indefinite_length(self);`
`718`	`718`	`if (inf_length == Qtrue) {`
	`719`	`+ if (is_cons == 0)`
	`720`	`+ ossl_raise(eASN1Error, "indefinite form used for primitive encoding");`
`719`	`721`	`is_cons = 2;`
`720`	`722`	`}`
`721`	`723`	`if((length = ASN1_object_size(is_cons, RSTRING_LENINT(value), tag)) <= 0)`