Skip to content

encoding/asn1: only accept minimally encoded base 128 integers #38281

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
wants to merge 2 commits into from
Closed

encoding/asn1: only accept minimally encoded base 128 integers #38281

wants to merge 2 commits into from

Conversation

rolandshoemaker
Copy link
Member

@rolandshoemaker rolandshoemaker commented Apr 6, 2020
edited
Loading

Reject base 128 encoded integers that aren't using minimal encoding,
specifically if the leading octet of an encoded integer is 0x80. This
only affects parsing of tags and OIDs, both of which expect this
encoding (see X.690 8.1.2.4.2 and 8.19.2).

Fixes #36881

@rolandshoemaker
encoding/asn1: only accept minimally encoded base 128 integers
b525816 
Reject base 128 encoded integers that aren't using minimal encoding,
specifically if the leading octet of an encoded integer is 0x80. This
only affects parsing of tags and OIDs, both of which expect this
encoding (see X.690 8.1.2.4.2 and 8.19.2).

Fixes golang#36881

Change-Id: I969cf48ac1fba7e56bac334672806a0784d3e123
@googlebot googlebot added the cla: yes Used by googlebot to label PRs as having a valid CLA. The text of this label should not change. label Apr 6, 2020
@rolandshoemaker
Remove debug print
fefc03d 
Change-Id: Ifd030ea56ebbdc2c7680c95eaf2941ba3645e4ec
@rolandshoemaker rolandshoemaker force-pushed the reject-non-minimal-oid-encoding branch from c27be6c to fefc03d Compare April 6, 2020 18:22
@gopherbot
Copy link
Contributor

This PR (HEAD: fefc03d) has been imported to Gerrit for code review.

Please visit https://go-review.googlesource.com/c/go/+/227320 to see it.

Tip: You can toggle comments from me using the comments slash command (e.g. /comments off)
See the Wiki page for more info

@gopherbot
Copy link
Contributor

Message from Emmanuel Odeke:

Patch Set 2: Run-TryBot+1

Thank you for this change Roland! We are only 1 day away from the Go1.15 code freeze,
so there is a big chance that unfortunately this change won't make it, but hoping for
the best and my biggest apologies for not getting a response, as folks have been swamped.

Please don’t reply on this GitHub thread. Visit golang.org/cl/227320.
After addressing review feedback, remember to publish your drafts!

@gopherbot
Copy link
Contributor

Message from Gobot Gobot:

Patch Set 2:

TryBots beginning. Status page: https://farmer.golang.org/try?commit=ffbd48b9

Please don’t reply on this GitHub thread. Visit golang.org/cl/227320.
After addressing review feedback, remember to publish your drafts!

@gopherbot
Copy link
Contributor

Message from Gobot Gobot:

Patch Set 2: TryBot-Result+1

TryBots are happy.

Please don’t reply on this GitHub thread. Visit golang.org/cl/227320.
After addressing review feedback, remember to publish your drafts!

@gopherbot
Copy link
Contributor

Message from Roland Shoemaker:

Patch Set 2:

Patch Set 2: Run-TryBot+1

Thank you for this change Roland! We are only 1 day away from the Go1.15 code freeze,
so there is a big chance that unfortunately this change won't make it, but hoping for
the best and my biggest apologies for not getting a response, as folks have been swamped.

No worries, there is no real rush to get this in, so feel free to prioritize other more important things.

Please don’t reply on this GitHub thread. Visit golang.org/cl/227320.
After addressing review feedback, remember to publish your drafts!

@gopherbot
Copy link
Contributor

Message from Filippo Valsorda:

Patch Set 3: Code-Review+2

Please don’t reply on this GitHub thread. Visit golang.org/cl/227320.
After addressing review feedback, remember to publish your drafts!

@gopherbot
Copy link
Contributor

Message from Emmanuel Odeke:

Patch Set 3: Run-TryBot+1

Thanks for the review, Filippo!

Please don’t reply on this GitHub thread. Visit golang.org/cl/227320.
After addressing review feedback, remember to publish your drafts!

@gopherbot
Copy link
Contributor

Message from Gobot Gobot:

Patch Set 3:

TryBots beginning. Status page: https://farmer.golang.org/try?commit=c2b959dc

Please don’t reply on this GitHub thread. Visit golang.org/cl/227320.
After addressing review feedback, remember to publish your drafts!

gopherbot pushed a commit that referenced this pull request May 7, 2020
@rolandshoemaker @odeke-em
encoding/asn1: only accept minimally encoded base 128 integers
1764819 
Reject base 128 encoded integers that aren't using minimal encoding,
specifically if the leading octet of an encoded integer is 0x80. This
only affects parsing of tags and OIDs, both of which expect this
encoding (see X.690 8.1.2.4.2 and 8.19.2).

Fixes #36881

Change-Id: I969cf48ac1fba7e56bac334672806a0784d3e123
GitHub-Last-Rev: fefc03d
GitHub-Pull-Request: #38281
Reviewed-on: https://go-review.googlesource.com/c/go/+/227320
Reviewed-by: Filippo Valsorda <[email protected]>
Run-TryBot: Emmanuel Odeke <[email protected]>
TryBot-Result: Gobot Gobot <[email protected]>
@gopherbot
Copy link
Contributor

This PR is being closed because golang.org/cl/227320 has been merged.

@gopherbot gopherbot closed this May 7, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
cla: yes Used by googlebot to label PRs as having a valid CLA. The text of this label should not change.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

encoding/asn1: accepts non-minimal OID encoding
3 participants
@rolandshoemaker @gopherbot @googlebot