summary refs log tree commit diff
diff options
context:
space:
mode:
authorPeter Dettman <peter.dettman@bouncycastle.org>2023-03-16 11:31:21 +0700
committerPeter Dettman <peter.dettman@bouncycastle.org>2023-03-16 11:31:21 +0700
commit32ada34bce57d83a54d65c27561a5a39d0302992 (patch)
treeba930d408794632fa9395dfb065bc94339c621b6
parentRefactor EdDsaSigner (diff)
downloadBouncyCastle.NET-ed25519-32ada34bce57d83a54d65c27561a5a39d0302992.tar.xz
Fix non-8-aligned IPv4 netmask parsing
- see https://github.com/bcgit/bc-csharp/issues/426
-rw-r--r--crypto/src/asn1/x509/GeneralName.cs2
-rw-r--r--crypto/test/src/asn1/test/GeneralNameTest.cs23
2 files changed, 19 insertions, 6 deletions
diff --git a/crypto/src/asn1/x509/GeneralName.cs b/crypto/src/asn1/x509/GeneralName.cs
index 62d650df0..3f5a35d37 100644
--- a/crypto/src/asn1/x509/GeneralName.cs
+++ b/crypto/src/asn1/x509/GeneralName.cs
@@ -337,7 +337,7 @@ namespace Org.BouncyCastle.Asn1.X509
             }
             if (bits > 0)
             {
-                addr[offset] = (byte)(byte.MaxValue >> (8 - bits));
+                addr[offset] = (byte)(0xFF00 >> bits);
             }
         }
 
diff --git a/crypto/test/src/asn1/test/GeneralNameTest.cs b/crypto/test/src/asn1/test/GeneralNameTest.cs
index 10776c59c..76b810592 100644
--- a/crypto/test/src/asn1/test/GeneralNameTest.cs
+++ b/crypto/test/src/asn1/test/GeneralNameTest.cs
@@ -14,7 +14,8 @@ namespace Org.BouncyCastle.Asn1.Tests
 		: SimpleTest
 	{
 		private static readonly byte[] ipv4 = Hex.Decode("87040a090800");
-		private static readonly byte[] ipv4WithMask = Hex.Decode("87080a090800ffffff00");
+        private static readonly byte[] ipv4WithMask24 = Hex.Decode("87080a090800ffffff00");
+        private static readonly byte[] ipv4WithMask14 = Hex.Decode("87080a090800fffc0000");
 
 		private static readonly byte[] ipv6a = Hex.Decode("871020010db885a308d313198a2e03707334");
 		private static readonly byte[] ipv6b = Hex.Decode("871020010db885a3000013198a2e03707334");
@@ -38,19 +39,31 @@ namespace Org.BouncyCastle.Asn1.Tests
 				Fail("ipv4 encoding failed");
 			}
 
-			nm = new GeneralName(GeneralName.IPAddress, "10.9.8.0/255.255.255.0");
-			if (!Arrays.AreEqual(nm.GetEncoded(), ipv4WithMask))
+            nm = new GeneralName(GeneralName.IPAddress, "10.9.8.0/255.255.255.0");
+			if (!Arrays.AreEqual(nm.GetEncoded(), ipv4WithMask24))
 			{
 				Fail("ipv4 with netmask 1 encoding failed");
 			}
 
 			nm = new GeneralName(GeneralName.IPAddress, "10.9.8.0/24");
-			if (!Arrays.AreEqual(nm.GetEncoded(), ipv4WithMask))
+			if (!Arrays.AreEqual(nm.GetEncoded(), ipv4WithMask24))
 			{
 				Fail("ipv4 with netmask 2 encoding failed");
 			}
 
-			nm = new GeneralName(GeneralName.IPAddress, "2001:0db8:85a3:08d3:1319:8a2e:0370:7334");
+            nm = new GeneralName(GeneralName.IPAddress, "10.9.8.0/255.252.0.0");
+            if (!Arrays.AreEqual(nm.GetEncoded(), ipv4WithMask14))
+            {
+                Fail("ipv4 with netmask 1 encoding failed");
+            }
+
+            nm = new GeneralName(GeneralName.IPAddress, "10.9.8.0/14");
+            if (!Arrays.AreEqual(nm.GetEncoded(), ipv4WithMask14))
+            {
+                Fail("ipv4 with netmask 2 encoding failed");
+            }
+
+            nm = new GeneralName(GeneralName.IPAddress, "2001:0db8:85a3:08d3:1319:8a2e:0370:7334");
 			if (!Arrays.AreEqual(nm.GetEncoded(), ipv6a))
 			{
 				Fail("ipv6 with netmask encoding failed");