From 94a0713e3aa1b2ec4f98fe1eb690ef2160d70fdf Mon Sep 17 00:00:00 2001 From: Paul Kehrer Date: Sun, 30 Nov 2014 09:51:10 -1000 Subject: error if signature has trailing bytes --- src/cryptography/hazmat/primitives/asymmetric/utils.py | 4 ++++ tests/hazmat/primitives/test_asym_utils.py | 7 +++++++ 2 files changed, 11 insertions(+) diff --git a/src/cryptography/hazmat/primitives/asymmetric/utils.py b/src/cryptography/hazmat/primitives/asymmetric/utils.py index 0140e6c1..a1a40292 100644 --- a/src/cryptography/hazmat/primitives/asymmetric/utils.py +++ b/src/cryptography/hazmat/primitives/asymmetric/utils.py @@ -17,6 +17,10 @@ class _DSSSigValue(univ.Sequence): def decode_rfc6979_signature(signature): data = decoder.decode(signature, asn1Spec=_DSSSigValue()) + if data[1]: + raise ValueError( + "The signature contains bytes after the end of the ASN.1 sequence." + ) r = int(data[0].getComponentByName('r')) s = int(data[0].getComponentByName('s')) return (r, s) diff --git a/tests/hazmat/primitives/test_asym_utils.py b/tests/hazmat/primitives/test_asym_utils.py index f2f8850f..f8a67b68 100644 --- a/tests/hazmat/primitives/test_asym_utils.py +++ b/tests/hazmat/primitives/test_asym_utils.py @@ -4,6 +4,8 @@ from __future__ import absolute_import, division, print_function +import pytest + from cryptography.hazmat.primitives.asymmetric.utils import ( decode_rfc6979_signature, encode_rfc6979_signature ) @@ -32,3 +34,8 @@ def test_rfc6979_signature(): sig4 = encode_rfc6979_signature(-1, 0) assert sig4 == b"0\x06\x02\x01\xFF\x02\x01\x00" assert decode_rfc6979_signature(sig4) == (-1, 0) + + +def test_decode_rfc6979_trailing_bytes(): + with pytest.raises(ValueError): + decode_rfc6979_signature(b"0\x06\x02\x01\x01\x02\x01\x01\x00\x00\x00") -- cgit v1.2.3