From a3ffd09890cd48bbd21040a49a2399a24f204918 Mon Sep 17 00:00:00 2001
From: Peter Dettman <peter.dettman@bouncycastle.org>
Date: Thu, 18 Oct 2018 18:15:32 +0700
Subject: Env. prop.: Org.BouncyCastle.Asn1.AllowUnsafeInteger

- set to "true" to weaken ASN.1 INTEGER checks
- see https://github.com/bcgit/bc-csharp/issues/156
---
 crypto/src/asn1/DerInteger.cs | 18 ++++++++++++------
 1 file changed, 12 insertions(+), 6 deletions(-)

(limited to 'crypto/src/asn1/DerInteger.cs')

diff --git a/crypto/src/asn1/DerInteger.cs b/crypto/src/asn1/DerInteger.cs
index 5b240d281..ae14d2a9f 100644
--- a/crypto/src/asn1/DerInteger.cs
+++ b/crypto/src/asn1/DerInteger.cs
@@ -8,6 +8,14 @@ namespace Org.BouncyCastle.Asn1
     public class DerInteger
         : Asn1Object
     {
+        public const string AllowUnsafeProperty = "Org.BouncyCastle.Asn1.AllowUnsafeInteger";
+
+        internal static bool AllowUnsafe()
+        {
+            string allowUnsafeValue = Platform.GetEnvironmentVariable(AllowUnsafeProperty);
+            return allowUnsafeValue != null && Platform.EqualsIgnoreCase("true", allowUnsafeValue);
+        }
+
         private readonly byte[] bytes;
 
         /**
@@ -72,13 +80,11 @@ namespace Org.BouncyCastle.Asn1
         {
             if (bytes.Length > 1)
             {
-                if (bytes[0] == 0 && (bytes[1] & 0x80) == 0)
-                {
-                    throw new ArgumentException("malformed integer");
-                }
-                if (bytes[0] == (byte)0xff && (bytes[1] & 0x80) != 0)
+                if ((bytes[0] == 0 && (bytes[1] & 0x80) == 0)
+                    || (bytes[0] == (byte)0xff && (bytes[1] & 0x80) != 0))
                 {
-                    throw new ArgumentException("malformed integer");
+                    if (!AllowUnsafe())
+                        throw new ArgumentException("malformed integer");
                 }
             }
             this.bytes = Arrays.Clone(bytes);
-- 
cgit 1.4.1