Fixes #1296 parsing invalid certificate

2025-01-22 05:51:20 +01:00 · 2018-09-11 11:16:19 +02:00 · 2018-09-11 11:16:19 +02:00 · b4e66d343e
commit b4e66d343e
parent f48d85ced9
2 changed files with 22 additions and 0 deletions
--- a/phpseclib/File/ASN1.php
+++ b/phpseclib/File/ASN1.php
@ -390,6 +390,9 @@ class File_ASN1
                $remainingLength = $length;
                while ($remainingLength > 0) {
                    $temp = $this->_decode_ber($content, $start, $content_pos);
+                    if ($temp === false) {
+                        break;
+                    }
                    $length = $temp['length'];
                    // end-of-content octets - see paragraph 8.1.5
                    if (substr($content, $content_pos + $length, 2) == "\0\0") {
@ -441,6 +444,9 @@ class File_ASN1
                    $current['content'] = substr($content, $content_pos);
                } else {
                    $temp = $this->_decode_ber($content, $start, $content_pos);
+                    if ($temp === false) {
+                        return false;
+                    }
                    $length-= (strlen($content) - $content_pos);
                    $last = count($temp) - 1;
                    for ($i = 0; $i < $last; $i++) {
@ -465,6 +471,9 @@ class File_ASN1
                    $length = 0;
                    while (substr($content, $content_pos, 2) != "\0\0") {
                        $temp = $this->_decode_ber($content, $length + $start, $content_pos);
+                        if ($temp === false) {
+                            return false;
+                        }
                        $content_pos += $temp['length'];
                        // all subtags should be octet strings
                        //if ($temp['type'] != FILE_ASN1_TYPE_OCTET_STRING) {
@ -497,6 +506,9 @@ class File_ASN1
                        break 2;
                    }
                    $temp = $this->_decode_ber($content, $start + $offset, $content_pos);
+                    if ($temp === false) {
+                        return false;
+                    }
                    $content_pos += $temp['length'];
                    $current['content'][] = $temp;
                    $offset+= $temp['length'];
--- a/tests/Unit/File/ASN1Test.php
+++ b/tests/Unit/File/ASN1Test.php
@ -331,4 +331,14 @@ class Unit_File_ASN1Test extends PhpseclibTestCase

        $this->assertSame($data, $arr);
    }
+
+    /**
+     * @group github1296
+     */
+    public function testInvalidCertificate()
+    {
+        $data = 'a' . base64_decode('MD6gJQYKKwYBBAGCNxQCA6AXDBVvZmZpY2VAY2VydGRpZ2l0YWwucm+BFW9mZmljZUBjZXJ0ZGlnaXRhbC5ybw==');
+        $asn1 = new File_ASN1();
+        $asn1->decodeBER($data);
+    }
 }