diff options
author | David Benjamin <davidben@chromium.org> | 2014-10-21 00:45:25 -0400 |
---|---|---|
committer | Adam Langley <agl@google.com> | 2014-10-24 18:26:11 +0000 |
commit | fbe6f498cdb6c01331afb9bc11c05cb95a3548e5 (patch) | |
tree | e2d72c48d0a4e685414fb7fd843882def34037ea | |
parent | b5b685496891feb1ea0fe2e7d9a7cfcffd7f1f4f (diff) | |
download | boringssl-fbe6f498cdb6c01331afb9bc11c05cb95a3548e5.zip boringssl-fbe6f498cdb6c01331afb9bc11c05cb95a3548e5.tar.gz boringssl-fbe6f498cdb6c01331afb9bc11c05cb95a3548e5.tar.bz2 |
The empty contents are not a valid ASN.1 INTEGER.
Zero is encoded as a single zero octet. Per X.690, 8.3.1:
The encoding of an integer value shall be primitive. The contents octets
shall consist of one or more octets.
Change-Id: If4304a2be5117b71446a3a62a2b8a6124f85a202
Reviewed-on: https://boringssl-review.googlesource.com/2010
Reviewed-by: Adam Langley <agl@google.com>
-rw-r--r-- | crypto/bytestring/bytestring_test.c | 2 | ||||
-rw-r--r-- | crypto/bytestring/cbs.c | 7 |
2 files changed, 8 insertions, 1 deletions
diff --git a/crypto/bytestring/bytestring_test.c b/crypto/bytestring/bytestring_test.c index da30dbb..43c99dc 100644 --- a/crypto/bytestring/bytestring_test.c +++ b/crypto/bytestring/bytestring_test.c @@ -467,6 +467,8 @@ typedef struct { static const ASN1_INVALID_UINT64_TEST kAsn1InvalidUint64Tests[] = { /* Bad tag. */ {"\x03\x01\x00", 3}, + /* Empty contents. */ + {"\x02\x00", 2}, /* Negative number. */ {"\x02\x01\x80", 3}, /* Overflow */ diff --git a/crypto/bytestring/cbs.c b/crypto/bytestring/cbs.c index 07cc126..1d1da88 100644 --- a/crypto/bytestring/cbs.c +++ b/crypto/bytestring/cbs.c @@ -284,7 +284,12 @@ int CBS_get_asn1_uint64(CBS *cbs, uint64_t *out) { data = CBS_data(&bytes); len = CBS_len(&bytes); - if (len > 0 && (data[0] & 0x80) != 0) { + if (len == 0) { + /* An INTEGER is encoded with at least one octet. */ + return 0; + } + + if ((data[0] & 0x80) != 0) { /* negative number */ return 0; } |