From 5c2ffd254416e3cca3f1557557b0ccc3e5e5c08f Mon Sep 17 00:00:00 2001
From: terrafrost
Date: Sun, 28 Aug 2016 10:38:01 -0500
Subject: [PATCH] ASN1: fix infinite loop during ASN1 decode process
---
 phpseclib/File/ASN1.php | 2 +-
 tests/Unit/File/ASN1Test.php | 10 ++++++++++
 2 files changed, 11 insertions(+), 1 deletion(-)
diff --git a/phpseclib/File/ASN1.php b/phpseclib/File/ASN1.php
index b30493e4..b7f7c119 100644
--- a/phpseclib/File/ASN1.php
+++ b/phpseclib/File/ASN1.php
@@ -366,7 +366,7 @@ class File_ASN1
 $newcontent = array();
 $remainingLength = $length;
 while ($remainingLength > 0) {
- $temp = $this->_decode_ber($content, $start);
+ $temp = $this->_decode_ber($content, $start, $content_pos);
 $length = $temp['length'];
 // end-of-content octets - see paragraph 8.1.5
 if (substr($content, $content_pos + $length, 2) == "\0\0") {
diff --git a/tests/Unit/File/ASN1Test.php b/tests/Unit/File/ASN1Test.php
index fe0e01b4..2708b858 100644
--- a/tests/Unit/File/ASN1Test.php
+++ b/tests/Unit/File/ASN1Test.php
@@ -289,4 +289,14 @@ class Unit_File_ASN1Test extends PhpseclibTestCase
 $this->assertInternalType('array', $decoded);
 $this->assertCount(0, $decoded[0]['content']);
 }
+
+ /**
+ * @group github1027
+ */
+ public function testInfiniteLoop()
+ {
+ $asn1 = new File_ASN1();
+ $data = base64_decode('MD6gJQYKKwYBBAGCNxQCA6AXDBVvZmZpY2VAY2VydGRpZ2l0YWwucm+BFW9mZmljZUBjZXJ0ZGlnaXRhbC5ybw==');
+ $asn1->decodeBER($data);
+ }
 }
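Review bot: Inside the `while ($remainingLength > 0)` loop, `$temp['length']` is read on the line right after the changed call without checking what `_decode_ber()` returned. If that helper can return `false` for malformed input (its body is outside this hunk, so this is inferred), `$length` would be null, `$remainingLength` would presumably never shrink, and untrusted BER could still keep the decoder from terminating. Consider bailing out before the length is used, for example `if (!is_array($temp) || $temp['length'] < 1) { break; }`. The enclosing function starts and ends outside the hunk, so confirm whether `break` or returning `false` is the right exit for its callers.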
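Review bot: `testInfiniteLoop()` makes no assertion, so it passes for any return value of `decodeBER()` and a regression would only show up as a hung test run. PHPUnit also flags assertion-free tests as risky when its strict checks are enabled. Capturing the result and pinning it, e.g. `$decoded = $asn1->decodeBER($data);` followed by `$this->assertInternalType('array', $decoded);`, would make it a real check, assuming this input decodes successfully, which the hunk does not show. A one-line comment above `$data` stating what the blob is (presumably the sample from the issue named in the `@group github1027` tag) would help the next reader.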