Greetings!
I think that the encoding/asn1 library should be more strict with
DER-encoded objects and must check that ObjectIdentifier has minimal
encoding form: without zero-valued bytes at the beginning. Here is a
simple patch to make that check.
Sorry that I am sending it here: I cannot register at either Google or
GitHub without a JavaScript-capable browser to make a contribute.html-friendly
pull request.
-- >8 --
Subject: [PATCH] encoding/asn1: Check that ObjectIdentifier has minimal encoding
ObjectIdentifier arcs can be encoded in non-minimal form with zeros
at the beginning (0x80 ...). It is an invalid DER encoding, but a valid BER one.
---
src/encoding/asn1/asn1.go | 4 ++++
src/encoding/asn1/asn1_test.go | 2 ++
2 files changed, 6 insertions(+)
diff --git a/src/encoding/asn1/asn1.go b/src/encoding/asn1/asn1.go
index 3cfd9d1276..8bdf9de543 100644
--- a/src/encoding/asn1/asn1.go
+++ b/src/encoding/asn1/asn1.go
@@ -313,6 +313,10 @@ func parseBase128Int(bytes []byte, initOffset int) (ret,
offset int, err error)
ret64 <<= 7
b := bytes[offset]
ret64 |= int64(b & 0x7f)
+ if offset == initOffset && ret64 == 0 {
+ err = SyntaxError{"non-minimal base 128 integer"}
+ return
+ }
offset++
if b&0x80 == 0 {
ret = int(ret64)
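Review bot: the new condition `offset == initOffset && ret64 == 0` also fires when the first byte is 0x00, because `ret64 |= int64(b & 0x7f)` has already masked off the continuation bit, so the single-byte encoding of the value 0 is rejected together with the padded 0x80 form. Only a leading 0x80 is non-minimal; comparing the byte itself (`b == 0x80`) at `offset == initOffset` keeps zero-valued integers decodable while still rejecting the padding.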
diff --git a/src/encoding/asn1/asn1_test.go b/src/encoding/asn1/asn1_test.go
index f0a54e0cb2..179bc894bc 100644
--- a/src/encoding/asn1/asn1_test.go
+++ b/src/encoding/asn1/asn1_test.go
@@ -237,6 +237,8 @@ var objectIdentifierTestData = []objectIdentifierTest{
{[]byte{85, 0x02, 0xc0, 0x00}, true, []int{2, 5, 2, 0x2000}},
{[]byte{0x81, 0x34, 0x03}, true, []int{2, 100, 3}},
{[]byte{85, 0x02, 0xc0, 0x80, 0x80, 0x80, 0x80}, false, []int{}},
+ {[]byte{85, 0x80, 0x01}, false, []int{}},
+ {[]byte{85, 0x01, 0x80, 0x01}, false, []int{}},
}
func TestObjectIdentifier(t *testing.T) {
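Review bot: both added vectors are negative cases, so nothing in this table pins down that a minimal zero is still accepted, and with the check as written in asn1.go a sub-identifier encoded as a single 0x00 would fail as well. Add a positive case beside them, for example `{[]byte{85, 0x00}, true, []int{2, 5, 0}},`, so the test separates leading 0x80 padding from a legitimate zero arc.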
--
2.18.0
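
The distinction the patch is after, between a padded leading 0x80 and a legitimate single 0x00, as an added example that is not part of the original message or of encoding/asn1. `decodeSubIDsDER` and its error values are hypothetical names, and the inputs are constructed (two of them are the patch's new test vectors).

```go
package main

import (
	"errors"
	"fmt"
)

var (
	errNonMinimal = errors.New("non-minimal base 128 integer")
	errTruncated  = errors.New("truncated or empty base 128 data")
	errTooLarge   = errors.New("base 128 integer too large")
)

// decodeSubIDsDER (hypothetical helper) splits OID content octets into their
// base-128 sub-identifiers under DER rules. The first result still packs the
// first two arcs as 40*X+Y.
func decodeSubIDsDER(content []byte) ([]uint32, error) {
	var out []uint32
	var v uint64
	start := true // the next byte begins a new sub-identifier
	for _, b := range content {
		// A leading 0x80 is seven zero bits plus a continuation flag: padding
		// that BER tolerates and DER forbids. A lone 0x00 is the value zero.
		if start && b == 0x80 {
			return nil, errNonMinimal
		}
		v = v<<7 | uint64(b&0x7f)
		if v > 0xffffffff {
			return nil, errTooLarge
		}
		start = b&0x80 == 0
		if start {
			out = append(out, uint32(v))
			v = 0
		}
	}
	if !start || len(content) == 0 {
		return nil, errTruncated
	}
	return out, nil
}

func main() {
	// Constructed inputs; the second and third are the patch's new test vectors.
	for _, in := range [][]byte{{85, 0x00}, {85, 0x80, 0x01}, {85, 0x01, 0x80, 0x01}} {
		ids, err := decodeSubIDsDER(in)
		fmt.Printf("% x -> %v, err=%v\n", in, ids, err)
	}
}
```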