authorPeter Dettman <peter.dettman@bouncycastle.org>2015-11-14 17:29:37 +0700
committerPeter Dettman <peter.dettman@bouncycastle.org>2015-11-14 17:29:37 +0700
commit21f2eacb456c933df98a59a78143dfd1a05bb951 (patch)
tree368016a4f0a7885d0e01a952489b117c6e3e134a
parentUpdate ECPrivateKeyStructure following Java API (diff)
Check there is no trailing data in Asn1Object.FromByteArray
-rw-r--r--crypto/src/asn1/Asn1Object.cs13
-rw-r--r--crypto/src/crypto/tls/TlsUtilities.cs5
-rw-r--r--crypto/test/src/asn1/test/TagTest.cs14
-rw-r--r--crypto/test/src/openssl/test/ReaderTest.cs4
4 files changed, 23 insertions, 13 deletions
diff --git a/crypto/src/asn1/Asn1Object.cs b/crypto/src/asn1/Asn1Object.cs
index 08bd599c1..a86fdbb4a 100644
--- a/crypto/src/asn1/Asn1Object.cs
+++ b/crypto/src/asn1/Asn1Object.cs
@@ -13,13 +13,18 @@ namespace Org.BouncyCastle.Asn1
 		public static Asn1Object FromByteArray(
 			byte[] data)
 		{
-			try
+            try
 			{
-				return new Asn1InputStream(data).ReadObject();
+                MemoryStream input = new MemoryStream(data, false);
+                Asn1InputStream asn1 = new Asn1InputStream(input, data.Length);
+                Asn1Object result = asn1.ReadObject();
+                if (input.Position != input.Length)
+                    throw new IOException("extra data found after object");
+                return result;
 			}
 			catch (InvalidCastException)
 			{
-				throw new IOException("cannot recognise object in stream");    
+				throw new IOException("cannot recognise object in byte array");
 			}
 		}
 
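Review bot: FromByteArray can still return null for a zero-length array, because `asn1.ReadObject()` appears to return null at end of input (ReadAsn1Object in TlsUtilities.cs checks for exactly that) and with no bytes `input.Position != input.Length` is false. Since this commit turns the method into a strict single-object decoder, I would reject that case as well, with `if (result == null) throw new IOException("no object found in byte array");` placed before the position check. The method's doc comment should also state that trailing bytes are now an error, since callers that passed padded or concatenated buffers will start seeing IOException.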
@@ -36,7 +41,7 @@ namespace Org.BouncyCastle.Asn1
 			}
 			catch (InvalidCastException)
 			{
-				throw new IOException("cannot recognise object in stream");    
+				throw new IOException("cannot recognise object in stream");
 			}
 		}
 
diff --git a/crypto/src/crypto/tls/TlsUtilities.cs b/crypto/src/crypto/tls/TlsUtilities.cs
index a8c8a2b28..26fb0d5e8 100644
--- a/crypto/src/crypto/tls/TlsUtilities.cs
+++ b/crypto/src/crypto/tls/TlsUtilities.cs
@@ -529,11 +529,12 @@ namespace Org.BouncyCastle.Crypto.Tls
 
         public static Asn1Object ReadAsn1Object(byte[] encoding)
         {
-            Asn1InputStream asn1 = new Asn1InputStream(encoding);
+            MemoryStream input = new MemoryStream(encoding, false);
+            Asn1InputStream asn1 = new Asn1InputStream(input, encoding.Length);
             Asn1Object result = asn1.ReadObject();
             if (null == result)
                 throw new TlsFatalAlert(AlertDescription.decode_error);
-            if (null != asn1.ReadObject())
+            if (input.Position != input.Length)
                 throw new TlsFatalAlert(AlertDescription.decode_error);
             return result;
         }
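Review bot: The trailing-data check in ReadAsn1Object depends on Asn1InputStream consuming from `input` only the bytes of the object it returns. If the reader ever buffered ahead, `input.Position` would reach `input.Length` and trailing bytes would pass unnoticed. That assumption is not visible in this hunk, so I would record it next to the check with a comment such as `// Strict decode: relies on Asn1InputStream not reading ahead, so Position == Length means no trailing bytes`. The same comparison is used in Asn1Object.FromByteArray in this commit and the comment applies there too.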
diff --git a/crypto/test/src/asn1/test/TagTest.cs b/crypto/test/src/asn1/test/TagTest.cs
index c5fce6dbc..80ca2c0ea 100644
--- a/crypto/test/src/asn1/test/TagTest.cs
+++ b/crypto/test/src/asn1/test/TagTest.cs
@@ -1,4 +1,5 @@
 using System;
+using System.IO;
 
 using NUnit.Framework;
 
@@ -33,14 +34,17 @@ namespace Org.BouncyCastle.Asn1.Tests
 
 		public override void PerformTest()
 		{
-			DerApplicationSpecific app = (DerApplicationSpecific)
-				Asn1Object.FromByteArray(longTagged);
+            Asn1InputStream aIn = new Asn1InputStream(longTagged);
 
-			app = (DerApplicationSpecific) Asn1Object.FromByteArray(app.GetContents());
+            DerApplicationSpecific app = (DerApplicationSpecific)aIn.ReadObject();
 
-			Asn1InputStream aIn = new Asn1InputStream(app.GetContents());
+            aIn = new Asn1InputStream(app.GetContents());
 
-			Asn1TaggedObject tagged = (Asn1TaggedObject) aIn.ReadObject();
+            app = (DerApplicationSpecific)aIn.ReadObject();
+
+            aIn = new Asn1InputStream(app.GetContents());
+
+            Asn1TaggedObject tagged = (Asn1TaggedObject)aIn.ReadObject();
 
 			if (tagged.TagNo != 32)
 			{
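Review bot: No test in this commit asserts the new rejection directly. PerformTest is only switched from Asn1Object.FromByteArray to Asn1InputStream, presumably because these encodings carry bytes after the first object. The only coverage of "extra data found after object" is the dud-password case in ReaderTest.cs, which reaches it incidentally. I would add a case that appends one byte to a valid encoding and expects IOException from Asn1Object.FromByteArray, plus one confirming that the exact encoding still decodes. PerformTest continues past the end of this hunk.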
diff --git a/crypto/test/src/openssl/test/ReaderTest.cs b/crypto/test/src/openssl/test/ReaderTest.cs
index e3990b562..c0be5c848 100644
--- a/crypto/test/src/openssl/test/ReaderTest.cs
+++ b/crypto/test/src/openssl/test/ReaderTest.cs
@@ -198,7 +198,7 @@ namespace Org.BouncyCastle.OpenSsl.Tests
             doDudPasswordTest("3ee7a8", 10, "DER length more than 4 bytes: 57");
             doDudPasswordTest("41af75", 11, "unknown tag 16 encountered");
             doDudPasswordTest("1704a5", 12, "corrupted stream detected");
-            doDudPasswordTest("1c5822", 13, "Unknown object in GetInstance: Org.BouncyCastle.Asn1.DerUtf8String");
+            doDudPasswordTest("1c5822", 13, "extra data found after object");
             doDudPasswordTest("5a3d16", 14, "corrupted stream detected");
             doDudPasswordTest("8d0c97", 15, "corrupted stream detected");
             doDudPasswordTest("bc0daf", 16, "corrupted stream detected");
@@ -342,7 +342,7 @@ namespace Org.BouncyCastle.OpenSsl.Tests
 
                 Fail("issue not detected: " + index);
             }
-            catch (IOException e)
+            catch (Exception e)
             {
                 if (e.Message.IndexOf(message) < 0)
                 {
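Review bot: Widening `catch (IOException e)` to `catch (Exception e)` loosens this test more than the change needs. Any exception whose message contains the expected text now counts as a pass, and if `Fail` reports by throwing, its own exception is caught here too and turned into a message-mismatch failure. If the wider catch is needed because one case now surfaces a different exception type, I would name that type in a second catch clause and keep `catch (IOException e)`. The enclosing method starts and ends outside this hunk.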