diff --git a/phpseclib/File/ASN1.php b/phpseclib/File/ASN1.php
index 3d49d45e..cf3fe501 100644
--- a/phpseclib/File/ASN1.php
+++ b/phpseclib/File/ASN1.php
@@ -268,9 +268,10 @@ abstract class ASN1
 $tag = 0;
 // process septets (since the eighth bit is ignored, it's not an octet)
 do {
- $loop = ord($encoded[0]) >> 7;
+ $temp = ord($encoded[$encoded_pos++]);
+ $loop = $temp >> 7;
 $tag <<= 7;
- $tag |= ord($encoded[$encoded_pos++]) & 0x7F;
+ $tag |= $temp & 0x7F;
 $start++;
 } while ($loop);
 }
diff --git a/phpseclib/Math/BigInteger/Engines/Engine.php b/phpseclib/Math/BigInteger/Engines/Engine.php
index 9b6c0655..39b641cf 100644
--- a/phpseclib/Math/BigInteger/Engines/Engine.php
+++ b/phpseclib/Math/BigInteger/Engines/Engine.php
@@ -145,7 +145,7 @@ abstract class Engine implements \Serializable
 // (?<=^|-)0*: find any 0's that are preceded by the start of the string or by a - (ie. octals)
 // [^-0-9].*: find any non-numeric characters and then any characters that follow that
 $this->value = preg_replace('#(?value)) {
+ if (!strlen($this->value) || $this->value == '-') {
 $this->value = '0';
 }
 static::initialize($base);
diff --git a/phpseclib/Math/BigInteger/Engines/GMP.php b/phpseclib/Math/BigInteger/Engines/GMP.php
index 333829c1..262e55c2 100644
--- a/phpseclib/Math/BigInteger/Engines/GMP.php
+++ b/phpseclib/Math/BigInteger/Engines/GMP.php
@@ -296,7 +296,14 @@ class GMP extends Engine
 */
 public function compare(GMP $y)
 {
- return gmp_cmp($this->value, $y->value);
+ $r = gmp_cmp($this->value, $y->value);
+ if ($r < -1) {
+ $r = -1;
+ }
+ if ($r > 1) {
+ $r = 1;
+ }
+ return $r;
 }
 /**
diff --git a/tests/Unit/File/X509/X509Test.php b/tests/Unit/File/X509/X509Test.php
index 23baed42..4da2300f 100644
--- a/tests/Unit/File/X509/X509Test.php
+++ b/tests/Unit/File/X509/X509Test.php
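Review bot: The rewritten septet loop in ASN1.php still indexes `$encoded[$encoded_pos++]` without checking that the offset exists, so a long-form tag whose last available byte has the continuation bit set is read past the end of the input. PHP raises an uninitialized-string-offset diagnostic at that point and `ord('')` evaluates to 0, which ends the loop but lets decoding carry on with a tag built from bytes that were never present. I would reject the truncated input at the top of the loop body with `if (!isset($encoded[$encoded_pos])) { return false; }`, assuming `false` is this decoder's failure value; the enclosing function begins and ends outside the hunk, so that is not visible here. `$tag <<= 7` is also unbounded, so a cap on the number of septets accepted would keep an oversized tag from overflowing the integer.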
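Review bot: The new guard in Engine.php compares with `==`; `$this->value` is whatever `preg_replace()` returned on the line above, so `$this->value === '-'` states the intent without depending on PHP's loose-comparison rules. A short comment above the condition, such as `// a lone '-' is what is left of inputs like '-0' once the zeros are stripped`, would explain why the second case exists. The enclosing method starts and ends outside the hunk.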
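Review bot: Nothing in `compare()` says why the result of `gmp_cmp()` is post-processed, and the docblock (which starts outside the hunk) should state the contract the new tests rely on. I would add `// gmp_cmp() only guarantees the sign of its result; normalise to -1, 0 or 1` above the first `if`, and have the return description name those three values, since TestCase.php now asserts them with `assertSame`. The two `if` blocks are mutually exclusive, so the second reads more clearly as `elseif ($r > 1)`.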
@@ -856,5 +856,23 @@ wkwhE/JaQAEHq2PHnEmvwyBiJcHSdLXkcLzYlg19Ho0BPqVKdulx8GAk
 $r = $x509->loadX509($result);
 $this->assertArrayHasKey('tbsCertificate', $r);
+
+ public function testLongTagOnBadCert()
+ {
+ // the problem with this cert is that it'd cause an infinite loop
+ $x509 = new X509();
+ $r = @$x509->loadX509('-----BEGIN CERTIFICATE-----
+MIIBjDCCATGgAwIBAgIJAJSiNCIEEiyyMAoGCCqGSM49BAMCMA0xCzAJBgNVBAMM
+AkNBMB4XDTE5MDUwOTAzMTUzMFoXDTE5MDYwODAzMTUzMFowDTELMAkGA1UEAwwC
+Q0FNRmt3RXdZSEtvWkl6ajBDQVFZSUtvWkl6ajBEQVFjRFFnQUU4K0R0TDM0Syt0
+RzZGR3o2QXJ2QzlySnlmN1Y5N09wY3ZWeG1IbjRXQStXc0E2L0dxLzZ1cUFBdG5Y
+RDZOQUxsRVVSVFZCcmlvNjB4L0xZN1ZoTmx0UT09o1kwVzAgBgNVHQ4BAf8EFgQU
+25GbjmtucxjEGkWrB2R6AB6/yrkwIgYDVR0jAQH/BBgwFoAU25GbjmtucxjEGkWr
+B2R6AB6/yrkwDwYDVR0TAQH/BAUwAwEB/zAKBggqhkjOPQQDAgNJADBGAiEA6ZB6
++KlUM1ZXFrxtDxLWqp51myWDulWjnK6cl7b5AVgCIQCRdthTn8JlN5bRSnJ6qiCk
+A9bhRA0cVk7bAEU2c44CYg==
+-----END CERTIFICATE-----');
+
+ $this->assertFalse($r);
 }
 }
diff --git a/tests/Unit/Math/BigInteger/TestCase.php b/tests/Unit/Math/BigInteger/TestCase.php
index 800258b2..f8697e4e 100644
--- a/tests/Unit/Math/BigInteger/TestCase.php
+++ b/tests/Unit/Math/BigInteger/TestCase.php
@@ -178,6 +178,9 @@ abstract class Unit_Math_BigInteger_TestCase extends PhpseclibTestCase
 // c < d
 $this->assertLessThan(0, $c->compare($d));
 $this->assertGreaterThan(0, $d->compare($c));
+
+ $this->assertSame(-1, $this->getInstance(-999)->compare($this->getInstance(370)));
+ $this->assertSame(1, $this->getInstance(999)->compare($this->getInstance(-700)));
 }
 public function testBitwiseAND()
@@ -457,4 +460,13 @@ abstract class Unit_Math_BigInteger_TestCase extends PhpseclibTestCase
 $temp = $this->getInstance(48);
 $this->assertSame($temp->toHex(true), '30');
 }
+
+ public function testZeroBase10()
+ {
+ $temp = $this->getInstance('00');
+ $this->assertSame($temp->toString(), '0');
+
+ $temp = $this->getInstance('-0');
+ $this->assertSame($temp->toString(), '0');
+ }
 }
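Review bot: The `@` in front of `$x509->loadX509(...)` in `testLongTagOnBadCert()` suppresses every notice and warning the parser raises, so this regression test would keep passing if the decoder read outside its input buffer on this certificate, as long as it eventually returned false. Dropping the `@` would make the test cover that as well; if the test then fails, the diagnostic most likely comes from the unchecked string offset in the ASN1.php tag loop. The comment could also say what is malformed rather than only the symptom, for example `// malformed cert that reaches the long-form tag branch, where decoding used to loop forever`, if that is what this input exercises.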