From d3a5398fe4a84ab3dd6f36e2bdee7c6ab1534f05 Mon Sep 17 00:00:00 2001
From: terrafrost
Date: Wed, 3 Jun 2015 23:48:43 -0500
Subject: [PATCH 1/3] ASN1: constructed context-specific tags can have x sub elements previously it only worked for when there was one sub element.
---
 phpseclib/File/ASN1.php | 15 +++++++++++----
 1 file changed, 11 insertions(+), 4 deletions(-)
diff --git a/phpseclib/File/ASN1.php b/phpseclib/File/ASN1.php
index 1d66793a..6b3cc463 100644
--- a/phpseclib/File/ASN1.php
+++ b/phpseclib/File/ASN1.php
@@ -357,14 +357,21 @@ class File_ASN1
 }
 $newcontent = array();
- if (strlen($content)) {
- $newcontent = $this->_decode_ber($content, $start);
- $length = $newcontent['length'];
+ $remainingLength = $length;
+ while ($remainingLength) {
+ $temp = $this->_decode_ber($content, $start);
+ $length = $temp['length'];
+ // end-of-content octets - see paragraph 8.1.5
 if (substr($content, $length, 2) == "\0\0") {
 $length+= 2;
+ $start+= $length;
+ $newcontent[] = $temp;
+ break;
 }
 $start+= $length;
- $newcontent = array($newcontent);
+ $remainingLength-= $length;
+ $newcontent[] = $temp;
+ $this->_string_shift($content, $length);
 }
 return array(
From 1ecd006685163e302cd81c833802cbfe0be1a0b9 Mon Sep 17 00:00:00 2001
From: terrafrost
Date: Thu, 4 Jun 2015 23:08:55 -0500
Subject: [PATCH 2/3] Tests/X509/CSR: add unit test for ASN1 changes
---
 tests/Unit/File/X509/CSRTest.php | 40 ++++++++++++++++++++++++++++++++
 1 file changed, 40 insertions(+)
diff --git a/tests/Unit/File/X509/CSRTest.php b/tests/Unit/File/X509/CSRTest.php
index 57bce68a..26577c26 100644
--- a/tests/Unit/File/X509/CSRTest.php
+++ b/tests/Unit/File/X509/CSRTest.php
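Review bot: In the `@@ -357,14 +357,21 @@` hunk of PATCH 1/3, `$length` is copied into `$remainingLength` and then reused inside the loop for each sub element's length, so after the loop it holds the last child's length rather than the enclosing element's. A dedicated name such as `$childLength = $temp['length'];` (with the end-of-content branch updated to match) would keep the two quantities apart and make the `$remainingLength-= ...` bookkeeping easier to audit. A short comment above the loop, e.g. `// decode each sub element in turn, shifting it off $content`, would also help. The enclosing function starts before the hunk and the `return array(` continues past it, so whether later code still reads `$length` cannot be confirmed from here.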
@@ -28,4 +28,44 @@ v5RwaQHmQEzHofTzF7I+
 $this->assertInternalType('array', $spkac);
 }
+
+ public function testCSRWithAttributes()
+ {
+ $test = '-----BEGIN NEW CERTIFICATE REQUEST-----
+MIIFGDCCAwACAQAwOjEWMBQGCgmSJomT8ixkARkWBnNlY3VyZTEgMB4GA1UEAxMX
+LlNlY3VyZSBFbnRlcnByaXNlIENBIDEwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAw
+ggIKAoICAQCzgEpL+Za7a3y7YpURDrxlGIBlks25fD0tHaZIYkBTaXA5h+9MWoXn
+FA7AlIUt8pbBvXdJbOCmGaeQmBfBH0Qy9vTbx/DR2IOwzqy2ZHuurI5bPL12ceE2
+Mxa9xgY/i7U6MAUtoA3amEd7cKj2fz9EWZruRladOX0DXv9KexSan+45QjCWH+u2
+Cxem2zH9ZDNPGBuAF9YsAvkdHdAoX8aSm05ZAjUiO2e/+L57whh7zZiDY3WIhin7
+N/2JNTKVO6lx50S8a34XUKBt3SKgSR941hcLrBYUNftUYsTPo40bzKKcWqemiH+w
+jQiDrln4V2b5EbVeoGWe4UDPXCVmC6UPklG7iYfF0eeK4ujV8uc9PtV2LvGLOFdm
+AYE3+FAba5byQATw/DY8EJKQ7ptPigJhVe47NNeJlsKwk1haJ9k8ZazjS+vT45B5
+pqe0yBFAEon8TFnOLnAOblmKO12i0zqMUNAAlmr1c8jNjLr+dhruS+QropZmzZ24
+mAnFG+Y0qpfhMzAxTGQyVjyGwDfRK/ARmtrGpmROjj5+6VuMmZ6Ljf3xN09epmtH
+gJe+lYNBlpfUYg16tm+OusnziYnXL6nIo2ChOY/7GNJJif9fjvvaPDCC98K64av5
+5rpIx7N/XH4hwHeQQkEQangExE+8UMyBNFNmvPnIHVHUZdYo4SLsYwIDAQABoIGY
+MBsGCisGAQQBgjcNAgMxDRYLNi4zLjk2MDAuMi4weQYJKoZIhvcNAQkOMWwwajAQ
+BgkrBgEEAYI3FQEEAwIBADAdBgNVHQ4EFgQU5nEIMEUT5mMd1WepmviwgK7dIzww
+GQYJKwYBBAGCNxQCBAweCgBTAHUAYgBDAEEwCwYDVR0PBAQDAgGGMA8GA1UdEwEB
+/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggIBAKZl6bAeaID3b/ic4aztL8ZZI7vi
+D3A9otUKx6v1Xe63zDPR+DiWSnxb9m+l8OPtnWkcLkzEIM/IMWorHKUAJ/J871D0
+Qx+0/HbkcrjMtVu/dNrtb9Z9CXup66ZvxTPcpEziq0/n2yw8QdBaa+lli65Qcwcy
+tzMQK6WQTRYfvVCIX9AKcPKxwx1DLH+7hL/bERB1lUDu59Jx6fQfqJrFVOY2N8c0
+MGvurfoHGmEoyCMIyvmIMu4+/wSNEE/sSDp4lZ6zuF6rf1m0GiLdTX2XJE+gfvep
+JTFmp4S3WFqkszKvaxBIT+jV0XKTNDwnO+dpExwU4jZUh18CdEFkIUuQb0gFF8B7
+WJFVpNdsRqZRPBz83BW1Kjo0yAmaoTrGNmG0p6Qf3K2zbk1+Jik3VZq4rvKoTi20
+6RvLA2//cMNfkYPsuqvoHGe2e0GOLtIB63wJzloWROpb72ohEHsvCKullIJVSuiS
+9sfTBAenHCyndgAEd4T3npTUdaiNumVEm5ilZId7LAYekJhkgFu3vlcl8blBJKjE
+skVTp7JpBmdXCL/G/6H2SFjca4JMOAy3DxwlGdgneIaXazHs5nBK/BgKPIyPzZ4w
+secxBTTCNgI48YezK3GDkn65cmlnkt6F6Mf0MwoDaXTuB88Jycbwb5ihKnHEJIsO
+draiRBZruwMPwPIP
+-----END NEW CERTIFICATE REQUEST-----';
+
+ $x509 = new File_X509();
+
+ $csr = $x509->loadCSR($test);
+
+ $this->assertInternalType('array', $csr);
+ }
 }
From 11000a93b9eb35673cf2ca917732e54652c150d4 Mon Sep 17 00:00:00 2001
From: terrafrost
Date: Sun, 7 Jun 2015 09:59:13 -0500
Subject: [PATCH 3/3] ASN1: handle malformed input better
---
 phpseclib/File/ASN1.php | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/phpseclib/File/ASN1.php b/phpseclib/File/ASN1.php
index 6b3cc463..430493c2 100644
--- a/phpseclib/File/ASN1.php
+++ b/phpseclib/File/ASN1.php
@@ -329,6 +329,10 @@ class File_ASN1
 $current+= array('headerlength' => 2);
 }
+ if ($length > strlen($encoded)) {
+ return false;
+ }
+
 $content = $this->_string_shift($encoded, $length);
 // at this point $length can be overwritten. it's only accurate for definite length things as is
@@ -358,7 +362,7 @@ class File_ASN1
 $newcontent = array();
 $remainingLength = $length;
- while ($remainingLength) {
+ while ($remainingLength > 0) {
 $temp = $this->_decode_ber($content, $start);
 $length = $temp['length'];
 // end-of-content octets - see paragraph 8.1.5
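Review bot: `testCSRWithAttributes()` in PATCH 2/3 only asserts that `loadCSR()` returns an array, which does not show that more than one sub element was actually decoded. Asserting on the decoded attributes themselves, for example that the expected number of attribute entries is present in `$csr`, would pin the behaviour PATCH 1/3 introduces. The exact array path depends on File_X509's output format, which is not visible on this page.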
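Review bot: The `return false;` added in the `@@ -329,6 +329,10 @@` hunk of PATCH 3/3 is not handled by the recursive call in the `@@ -358,7 +362,7 @@` hunk, where `$temp = $this->_decode_ber($content, $start);` is followed directly by `$length = $temp['length'];`. When `$temp` is `false`, `$length` becomes null, so `$remainingLength-= $length` makes no progress and, unless the end-of-content check happens to match, the `> 0` loop keeps appending `false` to `$newcontent`; for a parser that reads untrusted certificates and CSRs this presumably ends in memory exhaustion rather than a clean failure. Adding `if ($temp === false) { return false; }` immediately after the `_decode_ber` call would propagate the error, and rejecting a non-positive child length would close the same no-progress case. The loop body continues past the end of the hunk, and no test with malformed input accompanies the change.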