ASN1: limit OID length

2024-11-17 18:55:13 +00:00 · 2024-02-24 13:07:01 -06:00 · 2024-02-24 13:07:01 -06:00 · e32531001b
commit e32531001b
parent ad5dbdf212
3 changed files with 18 additions and 0 deletions
--- a/phpseclib/File/ASN1.php
+++ b/phpseclib/File/ASN1.php
@ -1277,6 +1277,11 @@ class File_ASN1
        $oid = array();
        $pos = 0;
        $len = strlen($content);
+        // see https://github.com/openjdk/jdk/blob/2deb318c9f047ec5a4b160d66a4b52f93688ec42/src/java.base/share/classes/sun/security/util/ObjectIdentifier.java#L55
+        if ($len > 4096) {
+            //user_error('Object Identifier size is limited to 4096 bytes');
+            return false;
+        }

        if (ord($content[$len - 1]) & 0x80) {
            return false;
--- a/tests/Unit/File/ASN1/mal-cert-02.der
+++ b/tests/Unit/File/ASN1/mal-cert-02.der
--- a/tests/Unit/File/ASN1Test.php
+++ b/tests/Unit/File/ASN1Test.php
@ -448,4 +448,17 @@ class Unit_File_ASN1Test extends PhpseclibTestCase
        $decoded = $asn1->decodeBER($em);
        $this->assertFalse($decoded[0]);
    }
+
+    public function testLongOID()
+    {
+        $cert = file_get_contents(dirname(__FILE__) . '/ASN1/mal-cert-02.der');
+
+        $asn1 = new File_ASN1();
+        //$this->setExpectedException('PHPUnit_Framework_Error_Notice');
+        $decoded = $asn1->decodeBER($cert);
+        $this->assertFalse($decoded[0]);
+
+        //$x509 = new X509();
+        //$x509->loadX509($cert);
+    }
 }