diff --git a/phpseclib/File/ASN1.php b/phpseclib/File/ASN1.php index d1a7719f..fb2d6448 100644 --- a/phpseclib/File/ASN1.php +++ b/phpseclib/File/ASN1.php @@ -234,6 +234,9 @@ class ASN1 { $current = array('start' => $start); + if (!isset($encoded[$encoded_pos])) { + return false; + } $type = ord($encoded[$encoded_pos++]); $startOffset = 1; @@ -244,6 +247,9 @@ class ASN1 $tag = 0; // process septets (since the eighth bit is ignored, it's not an octet) do { + if (!isset($encoded[$encoded_pos])) { + return false; + } $temp = ord($encoded[$encoded_pos++]); $startOffset++; $loop = $temp >> 7; @@ -260,6 +266,9 @@ class ASN1 $start+= $startOffset; // Length, as discussed in paragraph 8.1.3 of X.690-0207.pdf#page=13 + if (!isset($encoded[$encoded_pos])) { + return false; + } $length = ord($encoded[$encoded_pos++]); $start++; if ($length == 0x80) { // indefinite length diff --git a/phpseclib/File/X509.php b/phpseclib/File/X509.php index fa3c0264..0da0b83c 100644 --- a/phpseclib/File/X509.php +++ b/phpseclib/File/X509.php @@ -1622,7 +1622,6 @@ class X509 $id = $extensions[$i]['extnId']; $value = &$extensions[$i]['extnValue']; $value = base64_decode($value); - $decoded = $asn1->decodeBER($value); /* [extnValue] contains the DER encoding of an ASN.1 value corresponding to the extension type identified by extnID */ $map = $this->_getMapping($id); @@ -1630,6 +1629,7 @@ class X509 $decoder = $id == 'id-ce-nameConstraints' ? array($this, '_decodeNameConstraintIP') : array($this, '_decodeIP'); + $decoded = $asn1->decodeBER($value); $mapped = $asn1->asn1map($decoded[0], $map, array('iPAddress' => $decoder)); $value = $mapped === false ? $decoded[0] : $mapped; diff --git a/tests/Unit/File/X509/X509Test.php b/tests/Unit/File/X509/X509Test.php index d40ad311..f7f85e64 100644 --- a/tests/Unit/File/X509/X509Test.php +++ b/tests/Unit/File/X509/X509Test.php @@ -926,4 +926,38 @@ qzFkAKWjJj4KjfrbZX4C0Spfxw== $this->assertIsArray($r); } + + /** + * @group github1676 + */ + public function testMalformedExt() + { + $a = '-----BEGIN CERTIFICATE----- +MIIDtjCCAmmgAwIBAgIUOynecffcNv1/7oqCfu98x899PhwwQgYJKoZIhvcNAQEK +MDWgDTALBglghkgBZQMEAgGhGjAYBgkqhkiG9w0BAQgwCwYJYIZIAWUDBAIBogMC +ASCjAwIBATAcMRowGAYDVQQKDBFwaHBzZWNsaWIgQ0EgY2VydDAeFw0yMTA2MjUw +MTQ1MjlaFw0yMjA2MjUwMTQ1MjlaMBwxGjAYBgNVBAoMEXBocHNlY2xpYiBDQSBj +ZXJ0MIIBVzBCBgkqhkiG9w0BAQowNaANMAsGCWCGSAFlAwQCAaEaMBgGCSqGSIb3 +DQEBCDALBglghkgBZQMEAgGiAwIBIKMDAgEBA4IBDwAwggEKAoIBAQCm8w3WEr4t +rbTaAHLI4uAGkZ5mJG8tgThw/qlADPZODjyJtNBZ1i39URXkHa4jdTfLMaCg8aWp +6eouRnNftUktmM4lG3j1JF6Cq2SkF93zJ2RZq3Ldpnv1jXS9qmtsndSzElria6f7 +qY3c63S0YFYvNLmMd5lECPYuS3fj0DcPp1Gyy1GnfjSu6OyP34gtjOpZ3bSQmpTg +78HllRZiq6vQIAw6Svoi4Ih573PGRjVHbh/KP5/4gP0ClW+qGjR+qJinmBSOISRU +RSP3Yqh1eSo/gdqOfe+8g7ffTdsZ77xzP2nwq9wsmSyFh/jbQyG05R1cC0zGfBdo +3sDkSw5KDMQzAgMBAAGjUTBPMAsGA1UdDwQEAwIBBjAPBgNVHRMBAf8EBTADAQH/ +MB0GA1UdDgQWBBTsxDp1d394JKfAJZOuA9YQSvtvWjAQBggrBgEFBQcBAQEB/wQB +ADBCBgkqhkiG9w0BAQowNaANMAsGCWCGSAFlAwQCAaEaMBgGCSqGSIb3DQEBCDAL +BglghkgBZQMEAgGiAwIBIKMDAgEBA4IBAQCF8DNkkP5z2mkHoo0SvoUpscbaSpXF +jjMpLsQwdhar1jbrEIEQpSGsZlmxpGroBj91wQLjJv7godfFC6b2T4cRcj5NZAEI +ZyoxrfZ0WU609ZAKFooYwEA2nLAG8Y4ygD5adT45MhmqKs79p4uaG5Z78zQrkUYY +d9BtBm0pyZ513s+KW/keUxVKlHnnxdV9FIis0S/d74mjass4YjPZcWnss6TBfIyD +EbQ5UK6Zu74q0lQLp7t14zSQ2B5tclVnM7jY0RiRzpLgDCq3kpbaw6KvFzH9lfPP +BbNA6tFZAwLoX18R6yEmzHAQ+R2Eliiaz7mgQ+M2d0ec6qQJFoO7aJsX +-----END CERTIFICATE-----'; + + $x509 = new File_X509(); + $r = $x509->loadX509($a); + + $this->assertIsArray($r); + } }