Check there is no trailing data in Asn1Object.FromByteArray

Author: peterdettman

crypto/src/asn1/Asn1Object.cs

@@ -13,13 +13,18 @@ public abstract class Asn1Object
 		public static Asn1Object FromByteArray(
 			byte[] data)
 		{
-			try
+            try
 			{
-				return new Asn1InputStream(data).ReadObject();
+                MemoryStream input = new MemoryStream(data, false);
+                Asn1InputStream asn1 = new Asn1InputStream(input, data.Length);
+                Asn1Object result = asn1.ReadObject();
+                if (input.Position != input.Length)
+                    throw new IOException("extra data found after object");
+                return result;
 			}
 			catch (InvalidCastException)
 			{
-				throw new IOException("cannot recognise object in stream");    
+				throw new IOException("cannot recognise object in byte array");
 			}
 		}
 
@@ -36,7 +41,7 @@ public static Asn1Object FromStream(
 			}
 			catch (InvalidCastException)
 			{
-				throw new IOException("cannot recognise object in stream");    
+				throw new IOException("cannot recognise object in stream");
 			}
 		}
 

crypto/src/crypto/tls/TlsUtilities.cs

@@ -529,11 +529,12 @@ public static int ReadVersionRaw(Stream input)
 
         public static Asn1Object ReadAsn1Object(byte[] encoding)
         {
-            Asn1InputStream asn1 = new Asn1InputStream(encoding);
+            MemoryStream input = new MemoryStream(encoding, false);
+            Asn1InputStream asn1 = new Asn1InputStream(input, encoding.Length);
             Asn1Object result = asn1.ReadObject();
             if (null == result)
                 throw new TlsFatalAlert(AlertDescription.decode_error);
-            if (null != asn1.ReadObject())
+            if (input.Position != input.Length)
                 throw new TlsFatalAlert(AlertDescription.decode_error);
             return result;
         }

crypto/test/src/asn1/test/TagTest.cs

@@ -1,4 +1,5 @@
 using System;
+using System.IO;
 
 using NUnit.Framework;
 
@@ -33,14 +34,17 @@ public override string Name
 
 		public override void PerformTest()
 		{
-			DerApplicationSpecific app = (DerApplicationSpecific)
-				Asn1Object.FromByteArray(longTagged);
+            Asn1InputStream aIn = new Asn1InputStream(longTagged);
 
-			app = (DerApplicationSpecific) Asn1Object.FromByteArray(app.GetContents());
+            DerApplicationSpecific app = (DerApplicationSpecific)aIn.ReadObject();
 
-			Asn1InputStream aIn = new Asn1InputStream(app.GetContents());
+            aIn = new Asn1InputStream(app.GetContents());
 
-			Asn1TaggedObject tagged = (Asn1TaggedObject) aIn.ReadObject();
+            app = (DerApplicationSpecific)aIn.ReadObject();
+
+            aIn = new Asn1InputStream(app.GetContents());
+
+            Asn1TaggedObject tagged = (Asn1TaggedObject)aIn.ReadObject();
 
 			if (tagged.TagNo != 32)
 			{

crypto/test/src/openssl/test/ReaderTest.cs

@@ -198,7 +198,7 @@ public override void PerformTest()
             doDudPasswordTest("3ee7a8", 10, "DER length more than 4 bytes: 57");
             doDudPasswordTest("41af75", 11, "unknown tag 16 encountered");
             doDudPasswordTest("1704a5", 12, "corrupted stream detected");
-            doDudPasswordTest("1c5822", 13, "Unknown object in GetInstance: Org.BouncyCastle.Asn1.DerUtf8String");
+            doDudPasswordTest("1c5822", 13, "extra data found after object");
             doDudPasswordTest("5a3d16", 14, "corrupted stream detected");
             doDudPasswordTest("8d0c97", 15, "corrupted stream detected");
             doDudPasswordTest("bc0daf", 16, "corrupted stream detected");
@@ -342,7 +342,7 @@ private void doDudPasswordTest(string password, int index, string message)
 
                 Fail("issue not detected: " + index);
             }
-            catch (IOException e)
+            catch (Exception e)
             {
                 if (e.Message.IndexOf(message) < 0)
                 {