Skip to content

Commit b525816

Browse files
rolandshoemakerrolandshoemaker
committed
encoding/asn1: only accept minimally encoded base 128 integers
Reject base 128 encoded integers that aren't using minimal encoding, specifically if the leading octet of an encoded integer is 0x80. This only affects parsing of tags and OIDs, both of which expect this encoding (see X.690 8.1.2.4.2 and 8.19.2). Fixes #36881 Change-Id: I969cf48ac1fba7e56bac334672806a0784d3e123
1 parent 7dc1c62 commit b525816

File tree

2 files changed

+19
-0
lines changed

2 files changed

+19
-0
lines changed

src/encoding/asn1/asn1.go

Lines changed: 7 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -283,6 +283,7 @@ func parseObjectIdentifier(bytes []byte) (s ObjectIdentifier, err error) {
283283
if err != nil {
284284
return
285285
}
286+
fmt.Println(v, offset)
286287
s[i] = v
287288
}
288289
s = s[0:i]
@@ -313,6 +314,12 @@ func parseBase128Int(bytes []byte, initOffset int) (ret, offset int, err error)
313314
}
314315
ret64 <<= 7
315316
b := bytes[offset]
317+
// integers should be minimally encoded, so the leading octet should
318+
// never be 0x80
319+
if shifted == 0 && b == 0x80 {
320+
err = SyntaxError{"integer is not minimally encoded"}
321+
return
322+
}
316323
ret64 |= int64(b & 0x7f)
317324
offset++
318325
if b&0x80 == 0 {

src/encoding/asn1/asn1_test.go

Lines changed: 12 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -1129,3 +1129,15 @@ func TestBMPString(t *testing.T) {
11291129
}
11301130
}
11311131
}
1132+
1133+
func TestNonMinimalEncodedOID(t *testing.T) {
1134+
h, err := hex.DecodeString("060a2a80864886f70d01010b")
1135+
if err != nil {
1136+
t.Fatalf("failed to decode from hex string: %s", err)
1137+
}
1138+
var oid ObjectIdentifier
1139+
_, err = Unmarshal(h, &oid)
1140+
if err == nil {
1141+
t.Fatalf("accepted non-minimally encoded oid")
1142+
}
1143+
}

0 commit comments

Comments
 (0)