Only allow indefinite lengths for constructed types.
Equivalent of e532f823d689d37571d7a58edd24533a951f35d9 for CBS.
Change-Id: I5c31f589db119115c78da3f0d592d71254836f89
Reviewed-on: https://boringssl-review.googlesource.com/1508
Reviewed-by: Adam Langley <agl@google.com>
diff --git a/crypto/bytestring/bytestring_test.c b/crypto/bytestring/bytestring_test.c
index e02eeaa..20ce571 100644
--- a/crypto/bytestring/bytestring_test.c
+++ b/crypto/bytestring/bytestring_test.c
@@ -151,6 +151,7 @@
static const uint8_t kDataWithBadInternalLength[] = {0x30, 0x80, 0x01, 0x01};
static const uint8_t kDataNested[] = {0x30, 0x80, 0x30, 0x80, 0x30, 0x80,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00};
+ static const uint8_t kDataPrimitive[] = {0x02, 0x80, 0x00, 0x00};
CBS data, contents;
CBS_init(&data, kData1, sizeof(kData1));
@@ -188,6 +189,14 @@
return 0;
}
+ CBS_init(&data, kDataPrimitive, sizeof(kDataPrimitive));
+ if (CBS_get_asn1_ber(&data, &contents, 0x02)) {
+ /* Indefinite lengths should not be supported for non-constructed
+ * elements. */
+ fprintf(stderr, "Parsed non-constructed element with indefinite length\n");
+ return 0;
+ }
+
return 1;
}
diff --git a/crypto/bytestring/cbs.c b/crypto/bytestring/cbs.c
index 3478613..547b5a4 100644
--- a/crypto/bytestring/cbs.c
+++ b/crypto/bytestring/cbs.c
@@ -227,7 +227,8 @@
const size_t num_bytes = length_byte & 0x7f;
uint32_t len32;
- if (depth < MAX_DEPTH && num_bytes == 0) {
+ if ((tag & CBS_ASN1_CONSTRUCTED) != 0 && depth < MAX_DEPTH &&
+ num_bytes == 0) {
/* indefinite length */
*out_header_len = 2;
if (was_indefinite_len) {