From 8ddfafe057fa4960fed5c427bea2c48d68e67655 Mon Sep 17 00:00:00 2001 From: Jakub Jelen Date: Wed, 6 Nov 2019 17:56:29 +0100 Subject: [PATCH] asn1: Empty bit string requires empty zero-bits indicator --- src/libopensc/asn1.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/src/libopensc/asn1.c b/src/libopensc/asn1.c index 332a44a8..61da5601 100644 --- a/src/libopensc/asn1.c +++ b/src/libopensc/asn1.c @@ -577,6 +577,10 @@ static int decode_bit_string(const u8 * inbuf, size_t inlen, void *outbuf, if (inlen < 1) return SC_ERROR_INVALID_ASN1_OBJECT; + /* 8.6.2.3 If the bitstring is empty, there shall be no subsequent octets, + * and the initial octet shall be zero. */ + if (inlen == 1 && *in != 0) + return SC_ERROR_INVALID_ASN1_OBJECT; /* ITU-T Rec. X.690 8.6.2.2: The number shall be in the range zero to seven. */ if ((*in & ~0x07) != 0) return SC_ERROR_INVALID_ASN1_OBJECT;