Merge branch 'moosa-2.0' into moosa-3.0

This commit is contained in:
terrafrost 2021-04-03 13:28:23 -05:00
commit 104a57badd
2 changed files with 43 additions and 2 deletions

View File

@ -356,13 +356,16 @@ abstract class ASN1
switch ($tag) { switch ($tag) {
case self::TYPE_BOOLEAN: case self::TYPE_BOOLEAN:
// "The contents octets shall consist of a single octet." -- paragraph 8.2.1 // "The contents octets shall consist of a single octet." -- paragraph 8.2.1
if (strlen($content) != 1) { if ($constructed || strlen($content) != 1) {
return false; return false;
} }
$current['content'] = (bool) ord($content[$content_pos]); $current['content'] = (bool) ord($content[$content_pos]);
break; break;
case self::TYPE_INTEGER: case self::TYPE_INTEGER:
case self::TYPE_ENUMERATED: case self::TYPE_ENUMERATED:
if ($constructed) {
return false;
}
$current['content'] = new BigInteger(substr($content, $content_pos), -256); $current['content'] = new BigInteger(substr($content, $content_pos), -256);
break; break;
case self::TYPE_REAL: // not currently supported case self::TYPE_REAL: // not currently supported
@ -420,12 +423,15 @@ abstract class ASN1
break; break;
case self::TYPE_NULL: case self::TYPE_NULL:
// "The contents octets shall not contain any octets." -- paragraph 8.8.2 // "The contents octets shall not contain any octets." -- paragraph 8.8.2
if (strlen($content)) { if ($constructed || strlen($content)) {
return false; return false;
} }
break; break;
case self::TYPE_SEQUENCE: case self::TYPE_SEQUENCE:
case self::TYPE_SET: case self::TYPE_SET:
if (!$constructed) {
return false;
}
$offset = 0; $offset = 0;
$current['content'] = []; $current['content'] = [];
$content_len = strlen($content); $content_len = strlen($content);
@ -446,7 +452,14 @@ abstract class ASN1
} }
break; break;
case self::TYPE_OBJECT_IDENTIFIER: case self::TYPE_OBJECT_IDENTIFIER:
<<<<<<< HEAD
$current['content'] = self::decodeOID(substr($content, $content_pos)); $current['content'] = self::decodeOID(substr($content, $content_pos));
=======
if ($constructed) {
return false;
}
$current['content'] = $this->_decodeOID(substr($content, $content_pos));
>>>>>>> moosa-2.0
if ($current['content'] === false) { if ($current['content'] === false) {
return false; return false;
} }
@ -479,10 +492,16 @@ abstract class ASN1
case self::TYPE_UTF8_STRING: case self::TYPE_UTF8_STRING:
// ???? // ????
case self::TYPE_BMP_STRING: case self::TYPE_BMP_STRING:
if ($constructed) {
return false;
}
$current['content'] = substr($content, $content_pos); $current['content'] = substr($content, $content_pos);
break; break;
case self::TYPE_UTC_TIME: case self::TYPE_UTC_TIME:
case self::TYPE_GENERALIZED_TIME: case self::TYPE_GENERALIZED_TIME:
if ($constructed) {
return false;
}
$current['content'] = self::decodeTime(substr($content, $content_pos), $tag); $current['content'] = self::decodeTime(substr($content, $content_pos), $tag);
default: default:
} }

View File

@ -392,4 +392,26 @@ class Unit_File_ASN1Test extends PhpseclibTestCase
$this->assertIsArray($a); $this->assertIsArray($a);
} }
public function testNullGarbage()
{
$em = pack('H*', '3080305c0609608648016503040201054f8888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888804207509e5bda0c762d2bac7f90d758b5b2263fa01ccbc542ab5e3df163be08e6ca9');
$decoded = ASN1::decodeBER($em);
$this->assertFalse($decoded[0]);
$em = pack('H*', '3080307f0609608648016503040201057288888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888804207509e5bda0c762d2bac7f90d758b5b2263fa01ccbc542ab5e3df163be08e6ca90000');
$decoded = ASN1::decodeBER($em);
$this->assertFalse($decoded[0]);
}
public function testOIDGarbage()
{
$em = pack('H*', '3080305c065860864801650304020188888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888050004207509e5bda0c762d2bac7f90d758b5b2263fa01ccbc542ab5e3df163be08e6ca9');
$decoded = ASN1::decodeBER($em);
$this->assertFalse($decoded[0]);
$em = pack('H*', '3080307f067d608648016503040201888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888804207509e5bda0c762d2bac7f90d758b5b2263fa01ccbc542ab5e3df163be08e6ca9');
$decoded = ASN1::decodeBER($em);
$this->assertFalse($decoded[0]);
}
} }