From fefed20bec7e07456cd50a710cc11fff18cf46c1 Mon Sep 17 00:00:00 2001
From: David Hook
Date: Tue, 16 May 2017 00:36:34 +1000
Subject: Added validation of integer/enumerated encoding.
---
 crypto/src/asn1/DerInteger.cs | 13 ++++++++++++-
 1 file changed, 12 insertions(+), 1 deletion(-)
(limited to 'crypto/src/asn1/DerInteger.cs')
diff --git a/crypto/src/asn1/DerInteger.cs b/crypto/src/asn1/DerInteger.cs
index 3610de588..5b240d281 100644
--- a/crypto/src/asn1/DerInteger.cs
+++ b/crypto/src/asn1/DerInteger.cs
@@ -70,7 +70,18 @@ namespace Org.BouncyCastle.Asn1
 public DerInteger(
 byte[] bytes)
 {
- this.bytes = bytes;
+ if (bytes.Length > 1)
+ {
+ if (bytes[0] == 0 && (bytes[1] & 0x80) == 0)
+ {
+ throw new ArgumentException("malformed integer");
+ }
+ if (bytes[0] == (byte)0xff && (bytes[1] & 0x80) != 0)
+ {
+ throw new ArgumentException("malformed integer");
+ }
+ }
+ this.bytes = Arrays.Clone(bytes);
 }
 
 public BigInteger Value
-- 
cgit 1.4.1
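Review bot: The new check in `DerInteger(byte[] bytes)` only runs when `bytes.Length > 1`, so a zero-length array still passes, although an INTEGER with no content octets is not a valid encoding either; how the rest of the class handles an empty `bytes` is not visible in this hunk. I would reject it up front with the same exception, e.g. `if (bytes.Length == 0) throw new ArgumentException("malformed integer");`, so every malformed encoding from untrusted input fails the same way at construction. A null `bytes` now surfaces as a NullReferenceException from `bytes.Length`; `if (bytes == null) throw new ArgumentNullException("bytes");` would make that explicit. The two leading-octet tests throw the same message and could be merged, and a short comment stating the minimal-encoding rule they enforce (the first nine bits must not be all zero or all one) would explain the `0x80` masks.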