Incorrect encoding of the DistributionPointName object in IssuingDistributionPointExtension
Zhang, Ning
Ning.Zhang at team.neustar
Sun Sep 26 05:22:09 UTC 2021
Here is the test program for demonstrating the issue. Thanks.
/*
* This java program demonstrates the encoding bug related to the
* DistributionPointName object in
*
* sun/security/x509/IssuingDistributionPointExtension.java
*
* The fix would be:
*
* ***************
* *** 395,397 ****
* distributionPoint.encode(tmp);
* ! tagged.writeImplicit(DerValue.createTag(DerValue.TAG_CONTEXT, true,
* TAG_DISTRIBUTION_POINT), tmp);
* --- 395,397 ----
* distributionPoint.encode(tmp);
* ! tagged.write(DerValue.createTag(DerValue.TAG_CONTEXT, true,
* TAG_DISTRIBUTION_POINT), tmp);
*
* ***************
*
* Encoded data sample
*
* Correctly encoded IssuingDistributionPointExtension object:
*
* 000000 30 1d 06 03 55 1d 1c 01 01 ff 04 13 30 11 a0 0c
* 000010 a0 0a 86 08 68 74 74 70 3a 2f 2f 63 84 01 ff
*
* Incorrectly encoded IssuingDistributionPointExtension object:
*
* 000000 30 1b 06 03 55 1d 1c 01 01 ff 04 11 30 0f a0 0a
* 000010 86 08 68 74 74 70 3a 2f 2f 63 84 01 ff
*
*/
import java.util.Arrays;
import sun.security.x509.IssuingDistributionPointExtension;
import sun.security.util.DerOutputStream;
public class TestIdpExtBug {

    /**
     * DER encoding of a correctly encoded IssuingDistributionPoint extension
     * (the "Correctly encoded" sample from the header comment). The 0xa0 0x0c
     * at offset 14 is the outer [0] tag around DistributionPointName; the
     * incorrect encoding in the header lacks that layer and is two bytes shorter.
     */
    private static byte[] expected = {
        0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x1c, 0x01,
        0x01, (byte) 0xff, 0x04, 0x13, 0x30, 0x11, (byte) 0xa0, 0x0c,
        (byte) 0xa0, 0x0a, (byte) 0x86, 0x08, 0x68, 0x74, 0x74, 0x70,
        0x3a, 0x2f, 0x2f, 0x63, (byte) 0x84, 0x01, (byte) 0xff };

    /**
     * Parses the extension value out of {@link #expected}, re-encodes it and
     * compares; then changes the indirectCRL flag to force a fresh encoding
     * and compares again, which is where the mismatch appears.
     *
     * @param args ignored
     * @throws Exception if parsing, setting or encoding the extension fails
     */
    public static void main(String[] args) throws Exception {
        // Offset 12 skips SEQUENCE header (2), OID (5), critical BOOLEAN (3) and
        // the OCTET STRING tag+length (2), leaving the raw extension value.
        byte[] extValue = Arrays.copyOfRange(expected, 12, expected.length);
        IssuingDistributionPointExtension idp =
            new IssuingDistributionPointExtension(true, extValue);
        System.out.println("IssuingDistributionPointExtension " + idp);
        checkData(idp);
        // Setting a field discards the cached encoding, so the next encode()
        // goes through the buggy code path.
        idp.set(IssuingDistributionPointExtension.INDIRECT_CRL, true);
        checkData(idp);
    }

    /**
     * Encodes {@code idp} and prints whether the bytes equal {@link #expected},
     * reporting the first differing index or a length difference otherwise.
     *
     * @param idp the extension to encode
     * @throws Exception if encoding fails
     */
    public static void checkData(IssuingDistributionPointExtension idp)
            throws Exception {
        DerOutputStream out = new DerOutputStream();
        idp.encode(out);
        byte[] actual = out.toByteArray();

        if (actual.length != expected.length) {
            System.out.println("Encoded data length mismatch - "
                + expected.length + " != " + actual.length);
            return;
        }

        int index = firstMismatch(actual, expected);
        if (index >= 0) {
            System.out.println("Encoded data mismatches at index " + index);
            return;
        }
        System.out.println("Encoded data matches as expected");
    }

    /** Returns the first index where the two equal-length arrays differ, or -1 if none. */
    private static int firstMismatch(byte[] a, byte[] b) {
        int i = 0;
        while (i < a.length) {
            if (a[i] != b[i]) {
                return i;
            }
            i++;
        }
        return -1;
    }
}