summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorSergey Matveev <stargrave@stargrave.org>2020-04-13 11:33:05 +0300
committerSergey Matveev <stargrave@stargrave.org>2020-04-13 12:10:00 +0300
commitbba84f2f3b5fbc860f51cf76f2f504cb2aa8d899 (patch)
tree4544614a8f4a76312eb7594266ec49e0f5e69450
parent35c86385b3c8d004e3b5efea7aa2b95e7608309b (diff)
downloadpyderasn-bba84f2f3b5fbc860f51cf76f2f504cb2aa8d899.tar.xz
Check if tag's long form used in expected way7.7
-rw-r--r--doc/news.rst2
-rwxr-xr-xpyderasn.py2
-rw-r--r--tests/test_pyderasn.py6
3 files changed, 10 insertions, 0 deletions
diff --git a/doc/news.rst b/doc/news.rst
index 7d523e8..6190d51 100644
--- a/doc/news.rst
+++ b/doc/news.rst
@@ -7,6 +7,8 @@ News
---
* Strictly check that tag's long encoded form does not contain leading zero
(X.690 8.1.2.4.2 (c))
+* Strictly check that tag's long form is used in expected way for small values
+ (X.690 8.1.2.2)
.. _release7.6:
diff --git a/pyderasn.py b/pyderasn.py
index df0eb8f..505f3ba 100755
--- a/pyderasn.py
+++ b/pyderasn.py
@@ -1558,6 +1558,8 @@ def tag_strip(data):
raise DecodeError("unfinished tag")
if indexbytes(data, i) & 0x80 == 0:
break
+ if i == 1 and indexbytes(data, 1) < 0x1F:
+ raise DecodeError("unexpected long form")
if i > 1 and indexbytes(data, 1) & 0x7F == 0:
raise DecodeError("leading zero byte in tag value")
i += 1
diff --git a/tests/test_pyderasn.py b/tests/test_pyderasn.py
index fcf8781..8225fc0 100644
--- a/tests/test_pyderasn.py
+++ b/tests/test_pyderasn.py
@@ -283,6 +283,12 @@ class TestTagCoder(TestCase):
with assertRaisesRegex(self, DecodeError, "leading zero byte"):
tag_strip(raw)
+ @given(tag_classes, tag_forms, integers(max_value=30, min_value=0))
+ def test_unexpected_long_form(self, klass, form, num):
+ raw = int2byte(klass | form | 31) + int2byte(num)
+ with assertRaisesRegex(self, DecodeError, "unexpected long form"):
+ tag_strip(raw)
+
class TestLenCoder(TestCase):
@settings(max_examples=LONG_TEST_MAX_EXAMPLES)