fix to leading 0x80 octet handling in CER/DER ObjectIdentifier decoder

author: elie <elie> 2012-05-27 09:29:59 +0000
committer: elie <elie> 2012-05-27 09:29:59 +0000
commit: 4e01f31551479d0aa53e0522468013b0479eb345 (patch)
tree: 60137c14cb0d30755194b6c3fe1026cbe66a33f4 /pyasn1/codec/cer
parent: 2987d40816e65b199170e2738afc54c8b5c7ab8f (diff)
download: pyasn1-git-4e01f31551479d0aa53e0522468013b0479eb345.tar.gz
1 files changed, 39 insertions, 0 deletions
diff --git a/pyasn1/codec/cer/decoder.py b/pyasn1/codec/cer/decoder.py
index 71395d2..add75d1 100644
--- a/pyasn1/codec/cer/decoder.py
+++ b/pyasn1/codec/cer/decoder.py
@@ -20,9 +20,48 @@ class BooleanDecoder(decoder.AbstractSimpleDecoder):
             raise error.PyAsn1Error('Boolean CER violation: %s' % byte)
         return self._createComponent(asn1Spec, tagSet, value), substrate[1:]
 
+class ObjectIdentifierDecoder(decoder.AbstractSimpleDecoder):
+    protoComponent = univ.ObjectIdentifier(())
+    def valueDecoder(self, fullSubstrate, substrate, asn1Spec, tagSet, length,
+                     state, decodeFun):
+        substrate = substrate[:length]        
+        if not substrate:
+            raise error.PyAsn1Error('Empty substrate')
+
+        # Get the first subid
+        subId = oct2int(substrate[0])
+        oid = divmod(subId, 40)
+
+        index = 1
+        substrateLen = len(substrate)
+        while index < substrateLen:
+            subId = oct2int(substrate[index])
+            index = index + 1
+            if subId == 128:
+                # ASN.1 spec forbids leading zeros (0x80) in sub-ID OID
+                # encoding,#tolerating it opens a vulnerability.
+                # See http://www.cosic.esat.kuleuven.be/publications/article-1432.pdf page 7
+                raise error.PyAsn1Error('Invalid leading 0x80 in sub-OID')
+            elif subId > 128:
+                # Construct subid from a number of octets
+                nextSubId = subId
+                subId = 0
+                while nextSubId >= 128:
+                    subId = (subId << 7) + (nextSubId & 0x7F)
+                    if index >= substrateLen:
+                        raise error.SubstrateUnderrunError(
+                            'Short substrate for sub-OID past %s' % (oid,)
+                            )
+                    nextSubId = oct2int(substrate[index])
+                    index = index + 1
+                subId = (subId << 7) + nextSubId
+            oid = oid + (subId,)
+        return self._createComponent(asn1Spec, tagSet, oid), substrate[index:]
+
 tagMap = decoder.tagMap.copy()
 tagMap.update({
     univ.Boolean.tagSet: BooleanDecoder(),
+    univ.ObjectIdentifier.tagSet: ObjectIdentifierDecoder(),
     })
 
 typeMap = decoder.typeMap
author	elie <elie>	2012-05-27 09:29:59 +0000
committer	elie <elie>	2012-05-27 09:29:59 +0000
commit	4e01f31551479d0aa53e0522468013b0479eb345 (patch)
tree	60137c14cb0d30755194b6c3fe1026cbe66a33f4 /pyasn1/codec/cer
parent	2987d40816e65b199170e2738afc54c8b5c7ab8f (diff)
download	pyasn1-git-4e01f31551479d0aa53e0522468013b0479eb345.tar.gz