added system properties to allow setting of max read length and max construction depth.

Author: dghgit

core/src/main/java/org/bouncycastle/asn1/ASN1InputStream.java

@@ -6,6 +6,7 @@
 import java.io.IOException;
 import java.io.InputStream;
 
+import org.bouncycastle.util.Properties;
 import org.bouncycastle.util.io.Streams;
 
 /**
@@ -18,9 +19,13 @@ public class ASN1InputStream
     extends FilterInputStream
     implements BERTags
 {
+    static final String MAX_CONS_DEPTH = "org.bouncycastle.asn1.max_cons_depth";
+
     private final int limit;
     private final boolean lazyEvaluate;
     private final byte[][] tmpBuffers;
+    private final int level;
+    private final int maxLevel;
 
     public ASN1InputStream(InputStream is)
     {
@@ -92,9 +97,21 @@ private ASN1InputStream(InputStream input, int limit, boolean lazyEvaluate, byte
         this.limit = limit;
         this.lazyEvaluate = lazyEvaluate;
         this.tmpBuffers = tmpBuffers;
+        this.level = 0;
+        this.maxLevel = Properties.asInteger(MAX_CONS_DEPTH, 32);
+    }
+
+    private ASN1InputStream(InputStream input, int limit, boolean lazyEvaluate, byte[][] tmpBuffers, int level, int maxLevel)
+    {
+        super(input);
+        this.limit = limit;
+        this.lazyEvaluate = lazyEvaluate;
+        this.tmpBuffers = tmpBuffers;
+        this.level = level;
+        this.maxLevel = maxLevel;
     }
 
-    int getLimit()
+    protected int getLimit()
     {
         return limit;
     }
@@ -329,7 +346,12 @@ ASN1EncodableVector readVector(DefiniteLengthInputStream defIn) throws IOExcepti
             return new ASN1EncodableVector(0);
         }
 
-        return new ASN1InputStream(defIn, remaining, lazyEvaluate, tmpBuffers).readVector();
+        if (this.level == this.maxLevel)
+        {
+            throw new IOException("maximum nested construction level reached - increase " + MAX_CONS_DEPTH + " (currently " + maxLevel + ")");
+        }
+        
+        return new ASN1InputStream(defIn, remaining, lazyEvaluate, tmpBuffers, level + 1, maxLevel).readVector();
     }
 
     static int readTagNumber(InputStream s, int tag) 

core/src/main/java/org/bouncycastle/asn1/ASN1StreamParser.java

@@ -4,6 +4,8 @@
 import java.io.IOException;
 import java.io.InputStream;
 
+import org.bouncycastle.util.Properties;
+
 /**
  * A parser for ASN.1 streams which also returns, where possible, parsers for the objects it encounters.
  */
@@ -12,6 +14,8 @@ public class ASN1StreamParser
     private final InputStream _in;
     private final int _limit;
     private final byte[][] tmpBuffers;
+    private final int level;
+    private final int maxLevel;
 
     public ASN1StreamParser(InputStream in)
     {
@@ -33,6 +37,17 @@ public ASN1StreamParser(InputStream in, int limit)
         this._in = in;
         this._limit = limit;
         this.tmpBuffers = tmpBuffers;
+        this.level = 0;
+        this.maxLevel = Properties.asInteger(ASN1InputStream.MAX_CONS_DEPTH, 32);
+    }
+
+    private ASN1StreamParser(InputStream in, int limit, byte[][] tmpBuffers, int level, int maxLevel)
+    {
+        this._in = in;
+        this._limit = limit;
+        this.tmpBuffers = tmpBuffers;
+        this.level = level;
+        this.maxLevel = maxLevel;
     }
 
     public ASN1Encodable readObject() throws IOException
@@ -48,6 +63,11 @@ public ASN1Encodable readObject() throws IOException
 
     ASN1Encodable implParseObject(int tagHdr) throws IOException
     {
+        if (this.level == this.maxLevel)
+        {
+            throw new IOException("maximum nested construction level reached - increase " + ASN1InputStream.MAX_CONS_DEPTH + " (currently " + maxLevel + ")");
+        }
+
         //
         // turn off looking for "00" while we resolve the tag
         //
@@ -73,7 +93,7 @@ ASN1Encodable implParseObject(int tagHdr) throws IOException
             }
 
             IndefiniteLengthInputStream indIn = new IndefiniteLengthInputStream(_in, _limit);
-            ASN1StreamParser sp = new ASN1StreamParser(indIn, _limit, tmpBuffers);
+            ASN1StreamParser sp = new ASN1StreamParser(indIn, _limit, tmpBuffers, level + 1, maxLevel);
 
             int tagClass = tagHdr & BERTags.PRIVATE;
             if (0 != tagClass)
@@ -92,7 +112,7 @@ ASN1Encodable implParseObject(int tagHdr) throws IOException
                 return parseImplicitPrimitive(tagNo, defIn);
             }
 
-            ASN1StreamParser sp = new ASN1StreamParser(defIn, defIn.getLimit(), tmpBuffers);
+            ASN1StreamParser sp = new ASN1StreamParser(defIn, defIn.getLimit(), tmpBuffers, level + 1, maxLevel);
 
             int tagClass = tagHdr & BERTags.PRIVATE;
             if (0 != tagClass)

core/src/main/java/org/bouncycastle/asn1/StreamUtil.java

@@ -6,8 +6,12 @@
 import java.io.InputStream;
 import java.nio.channels.FileChannel;
 
+import org.bouncycastle.util.Properties;
+
 class StreamUtil
 {
+    static final String MAX_LIMIT = "org.bouncycastle.asn1.max_limit";
+
     /**
      * Find out possible longest length, capped by available memory.
      *
@@ -46,12 +50,32 @@ else if (in instanceof FileInputStream)
             }
         }
 
+        String limit = Properties.getPropertyValue(MAX_LIMIT);
+        if (limit != null)
+        {
+            switch (limit.charAt(limit.length() - 1))
+            {
+            case 'k':
+                return Integer.parseInt(limit.substring(0, limit.length() - 1)) * 1024;
+            case 'm':
+                return Integer.parseInt(limit.substring(0, limit.length() - 1)) * 1024 * 1024;
+            case 'g':
+                return Integer.parseInt(limit.substring(0, limit.length() - 1)) * 1024 * 1024 * 1024;
+            default:
+                return Integer.parseInt(limit);
+            }
+        }
+
+        return getMaxMemory();
+    }
+
+    private static int getMaxMemory()
+    {
         long maxMemory = Runtime.getRuntime().maxMemory();
         if (maxMemory > Integer.MAX_VALUE)
         {
             return Integer.MAX_VALUE;
         }
-
         return (int)maxMemory;
     }
 }

core/src/test/java/org/bouncycastle/asn1/test/ASN1SequenceParserTest.java

@@ -8,13 +8,16 @@
 import junit.framework.Test;
 import junit.framework.TestCase;
 import junit.framework.TestSuite;
+import org.bouncycastle.asn1.ASN1InputStream;
 import org.bouncycastle.asn1.ASN1Integer;
 import org.bouncycastle.asn1.ASN1Null;
 import org.bouncycastle.asn1.ASN1ObjectIdentifier;
+import org.bouncycastle.asn1.ASN1Sequence;
 import org.bouncycastle.asn1.ASN1SequenceParser;
 import org.bouncycastle.asn1.ASN1StreamParser;
 import org.bouncycastle.asn1.BERSequenceGenerator;
 import org.bouncycastle.asn1.DERSequenceGenerator;
+import org.bouncycastle.test.TestResourceFinder;
 import org.bouncycastle.util.encoders.Hex;
 
 public class ASN1SequenceParserTest 
@@ -329,6 +332,34 @@ public void testBERExplicitTaggedSequenceWriting()
        assertTrue("explicit BER tag writing test failed.", Arrays.equals(berExpTagSeqData, bOut.toByteArray()));
     }
 
+    public void testHeavilyDLNestedSequence()
+        throws Exception
+    {
+        try
+        {
+            ASN1Sequence seq = ASN1Sequence.getInstance(new ASN1InputStream(TestResourceFinder.findTestResource("asn1", "nested_seq.der")).readObject());
+            fail("no exception");
+        }
+        catch (IOException e)
+        {
+            assertEquals("maximum nested construction level reached - increase org.bouncycastle.asn1.max_cons_depth (currently 32)", e.getMessage());
+        }
+    }
+
+    public void testHeavilyBERNestedSequence()
+        throws Exception
+    {
+        try
+        {
+            ASN1Sequence seq = ASN1Sequence.getInstance(new ASN1InputStream(TestResourceFinder.findTestResource("asn1", "nested_seq_indef.ber")).readObject());
+            fail("no exception");
+        }
+        catch (IOException e)
+        {
+            assertEquals("maximum nested construction level reached - increase org.bouncycastle.asn1.max_cons_depth (currently 32)", e.getMessage());
+        }
+    }
+
     public void testSequenceWithDERNullReading()
         throws Exception
     {

core/src/test/java/org/bouncycastle/asn1/test/RegressionTest.java

@@ -57,7 +57,8 @@ public class RegressionTest
         new DERPrivateTest(),
         new X509AltTest(),
         new CertIDTest(),
-        new IANAObjectIdentifierTest()
+        new IANAObjectIdentifierTest(),
+        new StreamLimitTest()
     };
 
     public static void main(String[] args)

core/src/test/java/org/bouncycastle/asn1/test/StreamLimitTest.java

@@ -0,0 +1,74 @@
+package org.bouncycastle.asn1.test;
+
+import java.io.IOException;
+import java.io.InputStream;
+
+import org.bouncycastle.asn1.ASN1InputStream;
+import org.bouncycastle.util.test.SimpleTest;
+
+public class StreamLimitTest
+    extends SimpleTest
+{
+    static final String MAX_LIMIT = "org.bouncycastle.asn1.max_limit";
+
+    public void performTest()
+        throws Exception
+    {
+        System.setProperty("org.bouncycastle.asn1.max_limit", "1024");
+
+        MyASN1InputStream asn1In = new MyASN1InputStream();
+
+        isEquals(1024, asn1In.getLimit());
+        
+        System.setProperty("org.bouncycastle.asn1.max_limit", "1024k");
+
+        asn1In = new MyASN1InputStream();
+
+        isEquals(1048576, asn1In.getLimit());
+
+        System.setProperty("org.bouncycastle.asn1.max_limit", "1024m");
+
+        asn1In = new MyASN1InputStream();
+
+        isEquals(1073741824, asn1In.getLimit());
+
+        System.setProperty("org.bouncycastle.asn1.max_limit", "1g");
+
+        asn1In = new MyASN1InputStream();
+
+        isEquals(1073741824, asn1In.getLimit());
+    }
+
+    public String getName()
+    {
+        return "StreamLimit";
+    }
+
+    public static void main(
+        String[] args)
+    {
+        runTest(new StreamLimitTest());
+    }
+
+    private static class MyASN1InputStream
+        extends ASN1InputStream
+    {
+        MyASN1InputStream()
+        {
+            super(new InputStream()
+            {
+                @Override
+                public int read()
+                    throws IOException
+                {
+                    return 0;
+                }
+            });
+        }
+
+        public int getLimit()
+        {
+            return super.getLimit();
+        }
+    }
+}