summaryrefslogtreecommitdiffstats
path: root/test/recipes/25-test_d2i.t
diff options
context:
space:
mode:
Diffstat (limited to 'test/recipes/25-test_d2i.t')
-rw-r--r--test/recipes/25-test_d2i.t11
1 files changed, 10 insertions, 1 deletions
diff --git a/test/recipes/25-test_d2i.t b/test/recipes/25-test_d2i.t
index 9e1a643aaf..d50de0431b 100644
--- a/test/recipes/25-test_d2i.t
+++ b/test/recipes/25-test_d2i.t
@@ -15,7 +15,7 @@ use OpenSSL::Test qw/:DEFAULT srctop_file/;
setup("test_d2i");
-plan tests => 3;
+plan tests => 4;
ok(run(test(["d2i_test", "X509", "decode",
srctop_file('test','d2i-tests','bad_cert.der')])),
@@ -28,3 +28,12 @@ ok(run(test(["d2i_test", "GENERAL_NAME", "decode",
ok(run(test(["d2i_test", "ASN1_ANY", "BIO",
srctop_file('test','d2i-tests','bad_bio.der')])),
"Running d2i_test bad_bio.der");
+# This test checks CVE-2016-2108. The data consists of an tag 258 and
+# two zero content octets. This is parsed as an ASN1_ANY type. If the
+# type is incorrectly interpreted as an ASN.1 INTEGER the two zero content
+# octets will be reject as invalid padding and this test will fail.
+# If the type is correctly interpreted it will by treated as an ASN1_STRING
+# type and the content octets copied verbatim.
+ok(run(test(["d2i_test", "ASN1_ANY", "OK",
+ srctop_file('test','d2i-tests','high_tag.der')])),
+ "Running d2i_test high_tag.der");
generated by cgit v1.2.3 (git 2.25.1) at 2024-09-12 13:10:21 +0000