rpms/python-pyasn1
7
0
Fork 0
Code Issues Pull Requests Releases Activity

python-pyasn1-0.3.7-6.el8_10.1

Browse Source 
- Resolves: RHEL-148145

Signed-off-by: Masahiro Matsuya <mmatsuya@redhat.com>
This commit is contained in:
Masahiro Matsuya 2026-02-18 14:33:27 +09:00
parent 3db6a577a7
commit 5a10953bf5
No known key found for this signature in database
GPG Key ID: 3B765B6EB34DA964
2 changed files with 130 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

122
0001-Backport-commit-be353d7.patch Normal file
View File

@ -0,0 +1,122 @@
From b111e63bd3b86ca9747b1bbb3f7eae7b9c01a82e Mon Sep 17 00:00:00 2001
From: Masahiro Matsuya <mmatsuya@redhat.com>
Date: Wed, 18 Feb 2026 13:54:42 +0900
Subject: [PATCH] Backport commit be353d7
Add limit of 20 continuation octets per OID arc to prevent a potential memory
exhaustion from excessive continuation bytes input.
---
pyasn1/codec/ber/decoder.py | 11 ++++++
tests/codec/ber/test_decoder.py | 66 +++++++++++++++++++++++++++++++++
2 files changed, 77 insertions(+)
diff --git a/pyasn1/codec/ber/decoder.py b/pyasn1/codec/ber/decoder.py
index ee3064f..69c9ecd 100644
--- a/pyasn1/codec/ber/decoder.py
+++ b/pyasn1/codec/ber/decoder.py
@@ -14,6 +14,10 @@ __all__ = ['decode']
noValue = base.noValue
+# Maximum number of continuation octets (high-bit set) allowed per OID arc.
+# 20 octets allows up to 140-bit integers, supporting UUID-based OIDs
+MAX_OID_ARC_CONTINUATION_OCTETS = 20
+
class AbstractDecoder(object):
protoComponent = None
@@ -284,7 +288,14 @@ class ObjectIdentifierDecoder(AbstractSimpleDecoder):
# Construct subid from a number of octets
nextSubId = subId
subId = 0
+ continuationOctetCount = 0
while nextSubId >= 128:
+ continuationOctetCount += 1
+ if continuationOctetCount > MAX_OID_ARC_CONTINUATION_OCTETS:
+ raise error.PyAsn1Error(
+ 'OID arc exceeds maximum continuation octets limit (%d) '
+ 'at position %d' % (MAX_OID_ARC_CONTINUATION_OCTETS, index)
+ )
subId = (subId << 7) + (nextSubId & 0x7F)
if index >= substrateLen:
raise error.SubstrateUnderrunError(
diff --git a/tests/codec/ber/test_decoder.py b/tests/codec/ber/test_decoder.py
index 5ec3a5f..ba7dfec 100644
--- a/tests/codec/ber/test_decoder.py
+++ b/tests/codec/ber/test_decoder.py
@@ -403,6 +403,72 @@ class ObjectIdentifierDecoderTestCase(BaseTestCase):
0xB8, 0xCB, 0xE2, 0xB6, 0x47))
) == ((2, 999, 18446744073709551535184467440737095), null)
+ def testExcessiveContinuationOctets(self):
+ """Test that OID arcs with excessive continuation octets are rejected."""
+ # Create a payload with 25 continuation octets (exceeds 20 limit)
+ # 0x81 bytes are continuation octets, 0x01 terminates
+ malicious_payload = bytes([0x06, 26]) + bytes([0x81] * 25) + bytes([0x01])
+ try:
+ decoder.decode(malicious_payload)
+ except PyAsn1Error:
+ pass
+ else:
+ assert 0, 'Excessive continuation octets tolerated'
+
+ def testMaxAllowedContinuationOctets(self):
+ """Test that OID arcs at the maximum continuation octets limit work."""
+ # Create a payload with exactly 20 continuation octets (at limit)
+ # This should succeed
+ payload = bytes([0x06, 21]) + bytes([0x81] * 20) + bytes([0x01])
+ try:
+ decoder.decode(payload)
+ except PyAsn1Error:
+ assert 0, 'Valid OID with 20 continuation octets rejected'
+
+ def testOneOverContinuationLimit(self):
+ """Test boundary: 21 continuation octets (one over limit) is rejected."""
+ payload = bytes([0x06, 22]) + bytes([0x81] * 21) + bytes([0x01])
+ try:
+ decoder.decode(payload)
+ except PyAsn1Error:
+ pass
+ else:
+ assert 0, '21 continuation octets tolerated (should be rejected)'
+
+ def testExcessiveContinuationInSecondArc(self):
+ """Test that limit applies to subsequent arcs, not just the first."""
+ # First arc: valid simple byte (0x55 = 85, decodes to arc 2.5)
+ # Second arc: excessive continuation octets
+ payload = bytes([0x06, 27]) + bytes([0x55]) + bytes([0x81] * 25) + bytes([0x01])
+ try:
+ decoder.decode(payload)
+ except PyAsn1Error:
+ pass
+ else:
+ assert 0, 'Excessive continuation in second arc tolerated'
+
+ def testMultipleArcsAtLimit(self):
+ """Test multiple arcs each at the continuation limit work correctly."""
+ # Two arcs, each with 20 continuation octets (both at limit)
+ arc1 = bytes([0x81] * 20) + bytes([0x01]) # 21 bytes
+ arc2 = bytes([0x81] * 20) + bytes([0x01]) # 21 bytes
+ payload = bytes([0x06, 42]) + arc1 + arc2
+ try:
+ decoder.decode(payload)
+ except PyAsn1Error:
+ assert 0, 'Multiple valid arcs at limit rejected'
+
+ def testExcessiveContinuationWithMaxBytes(self):
+ """Test with 0xFF continuation bytes (maximum value, not just 0x81)."""
+ # 0xFF bytes are also continuation octets (high bit set)
+ malicious_payload = bytes([0x06, 26]) + bytes([0xFF] * 25) + bytes([0x01])
+ try:
+ decoder.decode(malicious_payload)
+ except PyAsn1Error:
+ pass
+ else:
+ assert 0, 'Excessive 0xFF continuation octets tolerated'
+
class RealDecoderTestCase(BaseTestCase):
def testChar(self):
--
2.52.0

9
python-pyasn1.spec
View File

@ -3,7 +3,7 @@
Name: python-pyasn1
Version: 0.3.7
Release: 6%{?dist}
Release: 6%{?dist}.1
Summary: ASN.1 tools for Python
License: BSD
Group: System Environment/Libraries
@ -12,6 +12,9 @@ Source1: https://github.com/etingof/pyasn1-modules/archive/v%{modules_ver
URL: http://pyasn1.sourceforge.net/
BuildArch: noarch
Patch1: 0001-Backport-commit-be353d7.patch
%description
This is an implementation of ASN.1 types and codecs in the Python programming
language.
@ -44,6 +47,7 @@ BuildRequires: python3-sphinx
%prep
%setup -n %{module}-%{version} -q -b1
%autopatch -p1
%build
@ -85,6 +89,9 @@ PYTHONPATH=%{buildroot}%{python3_sitelib} %{__python3} setup.py test
%doc doc/build/html/*
%changelog
* Wed Feb 18 2026 Masahiro Matsuya <mmatsuya@redhat.com> - 0.3.7-6.el8_10.1
- Resolves: RHEL-148145
* Mon Jul 09 2018 Petr Viktorin <pviktori@redhat.com> - 0.3.7-6
- Remove the python2 subpackage