From: Martin Bosslet
Date: 2011-01-26T09:35:40+09:00
Subject: [ruby-core:34855] [Ruby 1.9-Bug#4324][Open] [ext/openssl] Parsing of incorrect ASN.1 values succeeds

Bug #4324: [ext/openssl] Parsing of incorrect ASN.1 values succeeds
http://redmine.ruby-lang.org/issues/show/4324

Author: Martin Bosslet
Status: Open, Priority: Normal
Category: ext, Target version: 1.9.3
ruby -v: trunk

Hi,

I read about this bug of OpenSSL this morning:
http://rt.openssl.org/Ticket/Display.html?id=2438

What struck me was the following sentence:
"The ASN1 parser should reject indefinite length primitive encodings as that is illegal."

I tested whether Ruby (trunk) ASN.1 decoding was also affected:

  require 'openssl'
  require 'pp'

  spec = %w{ 02 80 02 01 01 00 00 }
  raw = [spec.join('')].pack('H*')
  asn1 = OpenSSL::ASN1.decode(raw)
  pp asn1

=> #

This bug is a direct consequence of the bug in OpenSSL referred to above. Parsing should fail in this case as primitive values cannot have an infinite length without having the constructed bits set. (A correct encoding for the above would be this: %w{ 22 80 02 01 01 00 00 })

But fortunately this is fixed quite easily. By applying the appended patch, the above script yields this exception:

=> test.rb:6:in `decode': Infinite length for primitive value (OpenSSL::ASN1::ASN1Error)
   from test.rb:6:in `<main>'

Regards,
Martin

----------------------------------------
http://redmine.ruby-lang.org

Attachment: fix_primitive_inf_length.diff (text/x-patch)
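The rule the report describes, as an added example that is not part of the original message and is not the ext/openssl code or the attached patch: a small pure-Ruby BER walker that rejects the indefinite length octet (80) whenever the constructed bit (0x20) of the identifier is clear. It goes beyond the single case in the report by also handling definite lengths and nested values; the names walk_tlv, ber_decode and BerError are hypothetical, and the two sample encodings are the ones quoted in the message.

```ruby
# Added example, not ext/openssl code. Single-octet tags only (tag < 31).
class BerError < StandardError; end
CONSTRUCTED = 0x20 # identifier-octet bit: encoding is constructed
INDEFINITE  = 0x80 # length octet announcing the indefinite form

# Parse one TLV starting at +pos+; return [node, position after the TLV].
def walk_tlv(bytes, pos = 0)
  id = bytes[pos] or raise BerError, "truncated identifier"
  raise BerError, "multi-byte tag not handled" if id & 0x1f == 0x1f
  first = bytes[pos + 1] or raise BerError, "truncated length"
  pos += 2
  node = { tag: id & 0x1f, constructed: (id & CONSTRUCTED) != 0 }
  if first == INDEFINITE
    # The check under discussion: only constructed encodings may use 0x80.
    raise BerError, "Infinite length for primitive value" unless node[:constructed]
    node[:children] = []
    until bytes[pos] == 0 && bytes[pos + 1] == 0 # end-of-contents octets 00 00
      raise BerError, "missing end-of-contents" if pos >= bytes.size
      child, pos = walk_tlv(bytes, pos)
      node[:children] << child
    end
    return [node, pos + 2]
  end
  len = first
  if first > 0x80 # long form: low 7 bits give the number of length octets
    n = first & 0x7f
    raise BerError, "truncated length" if pos + n > bytes.size
    len = bytes[pos, n].inject(0) { |acc, b| (acc << 8) | b }
    pos += n
  end
  stop = pos + len
  raise BerError, "truncated contents" if stop > bytes.size
  if node[:constructed]
    node[:children] = []
    while pos < stop
      child, pos = walk_tlv(bytes, pos)
      node[:children] << child
    end
    raise BerError, "child overruns parent" if pos != stop
  else
    node[:value] = bytes[pos, len]
  end
  [node, stop]
end

# Decode a hex-octet list written the way the report writes its samples.
def ber_decode(spec)
  walk_tlv([spec.join].pack('H*').bytes).first
end
```
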