Check if tag's long form used in expected way

diff --git a/doc/news.rst b/doc/news.rst
index 7d523e81f16b12042323f8760b2b17d54f932cf2..6190d51539231dc214b95f1ba52d79ed57b10bff 100644 (file)
--- a/doc/news.rst
+++ b/doc/news.rst
@@ -7,6 +7,8 @@ News
 ---
 * Strictly check that tag's long encoded form does not contain leading zero
   (X.690 8.1.2.4.2 (c))
+* Strictly check that tag's long form is used in expected way for small values
+  (X.690 8.1.2.2)
 
 .. _release7.6:
 

diff --git a/pyderasn.py b/pyderasn.py
index df0eb8f2cabaa46430590bf1bbeeedc231e36d66..505f3baafac8516084242256bb12f2633f02ace0 100755 (executable)
--- a/pyderasn.py
+++ b/pyderasn.py
@@ -1558,6 +1558,8 @@ def tag_strip(data):
             raise DecodeError("unfinished tag")
         if indexbytes(data, i) & 0x80 == 0:
             break
+    if i == 1 and indexbytes(data, 1) < 0x1F:
+        raise DecodeError("unexpected long form")
     if i > 1 and indexbytes(data, 1) & 0x7F == 0:
         raise DecodeError("leading zero byte in tag value")
     i += 1

diff --git a/tests/test_pyderasn.py b/tests/test_pyderasn.py
index fcf8781fb50580d6f58a4dcf726be88267595067..8225fc02eaef4be07fc42093a3f28e4cbc88b933 100644 (file)
--- a/tests/test_pyderasn.py
+++ b/tests/test_pyderasn.py
@@ -283,6 +283,12 @@ class TestTagCoder(TestCase):
         with assertRaisesRegex(self, DecodeError, "leading zero byte"):
             tag_strip(raw)
 
+    @given(tag_classes, tag_forms, integers(max_value=30, min_value=0))
+    def test_unexpected_long_form(self, klass, form, num):
+        raw = int2byte(klass | form | 31) + int2byte(num)
+        with assertRaisesRegex(self, DecodeError, "unexpected long form"):
+            tag_strip(raw)
+
 
 class TestLenCoder(TestCase):
     @settings(max_examples=LONG_TEST_MAX_EXAMPLES)