diff --git a/phpseclib/File/ASN1.php b/phpseclib/File/ASN1.php
index 36dbe17a..fbc06063 100644
--- a/phpseclib/File/ASN1.php
+++ b/phpseclib/File/ASN1.php
@@ -333,6 +333,9 @@ abstract class ASN1
 $remainingLength = $length;
 while ($remainingLength > 0) {
 $temp = self::decode_ber($content, $start, $content_pos);
+ if ($temp === false) {
+ break;
+ }
 $length = $temp['length'];
 // end-of-content octets - see paragraph 8.1.5
 if (substr($content, $content_pos + $length, 2) == "\0\0") {
@@ -384,6 +387,9 @@ abstract class ASN1
 $current['content'] = substr($content, $content_pos);
 } else {
 $temp = self::decode_ber($content, $start, $content_pos);
+ if ($temp === false) {
+ return false;
+ }
 $length-= (strlen($content) - $content_pos);
 $last = count($temp) - 1;
 for ($i = 0; $i < $last; $i++) {
@@ -408,6 +414,9 @@ abstract class ASN1
 $length = 0;
 while (substr($content, $content_pos, 2) != "\0\0") {
 $temp = self::decode_ber($content, $length + $start, $content_pos);
+ if ($temp === false) {
+ return false;
+ }
 $content_pos += $temp['length'];
 // all subtags should be octet strings
 //if ($temp['type'] != self::TYPE_OCTET_STRING) {
@@ -440,6 +449,9 @@ abstract class ASN1
 break 2;
 }
 $temp = self::decode_ber($content, $start + $offset, $content_pos);
+ if ($temp === false) {
+ return false;
+ }
 $content_pos += $temp['length'];
 $current['content'][] = $temp;
 $offset+= $temp['length'];
diff --git a/tests/Unit/File/ASN1Test.php b/tests/Unit/File/ASN1Test.php
index 952f03a2..e8c80b98 100644
--- a/tests/Unit/File/ASN1Test.php
+++ b/tests/Unit/File/ASN1Test.php
@@ -335,4 +335,13 @@ class Unit_File_ASN1Test extends PhpseclibTestCase
 $this->assertSame($data, $arr);
 }
+
+ /**
+ * @group github1296
+ */
+ public function testInvalidCertificate()
+ {
+ $data = 'a' . base64_decode('MD6gJQYKKwYBBAGCNxQCA6AXDBVvZmZpY2VAY2VydGRpZ2l0YWwucm+BFW9mZmljZUBjZXJ0ZGlnaXRhbC5ybw==');
+ ASN1::decodeBER($data);
+ }
 }
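Review bot: The guard added after the `self::decode_ber` call inside the `while ($remainingLength > 0)` loop breaks out of the loop instead of returning false, so input whose trailing element is malformed yields the elements decoded so far with no signal to the caller that bytes were left undecoded; the three later hunks (old lines 384, 408 and 440) return false for the same condition. If a partial result is deliberate, a comment such as `// decode_ber rejected the remaining bytes; keep what was decoded so far` would make that intent visible, otherwise `return false;` keeps the four call sites consistent. The enclosing function and its docblock start before this hunk, and the docblock should state that the function returns `array|false`, since every new `=== false` check now depends on that contract. The rest of the loop body is outside the hunk, so whether a non-zero `$remainingLength` is surfaced after the break cannot be confirmed here.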
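Review bot: In the hunk at old line 408, the `while (substr($content, $content_pos, 2) != "\0\0")` loop still has no explicit bound on `$content_pos`; once the input is exhausted, `substr` yields an empty string (or false on older PHP), the loose `!=` against `"\0\0"` stays true, and termination appears to rest entirely on `decode_ber` returning false for an out-of-range position, which is not visible in this diff. An explicit check before the call makes the missing end-of-content case readable and independent of the callee, e.g. `if ($content_pos >= strlen($content)) { return false; }`. The surrounding function continues outside the hunk.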
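Review bot: `testInvalidCertificate` calls `ASN1::decodeBER($data)` without asserting anything, so it only guards against a fatal error or a hang, and PHPUnit reports assertion-less tests as risky under its default strictness settings. Assert the intended outcome, for example `$this->assertFalse(ASN1::decodeBER($data));` if malformed input is meant to be rejected; the diff does not show what the call returns for this input, so confirm the value before pinning it. The docblock would also benefit from one sentence naming the failure this regression test covers, since `@group github1296` alone does not say whether the original problem was a hang, a warning or a wrong result.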