Detect truncated ASN data as UnparsableKeyError

dkim/asn1.py

@@ -53,6 +53,7 @@ def asn1_parse(template, data):
     data = bytearray(data)
     r = []
     i = 0
+    try:
       for t in template:
           tag = data[i]
           i += 1
@@ -90,7 +91,8 @@ def asn1_parse(template, data):
               raise ASN1FormatError(
                   "Unexpected tag (got %02x, expecting %02x)" % (tag, t[0]))
       return r
-
+    except IndexError:
+      raise ASN1FormatError("Data truncated at byte %d"%i)
 
 def asn1_length(n):
     """Return a string representing a field length in ASN.1 format.

dkim/tests/data/test_bad.txt

@@ -0,0 +1 @@
+v=DKIM1; g=*; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDkHlOQoBTzWRiGs5V6NpP3idY6Wk08a5qhdR6wy5bdOKb2jLQiY/J16JYi0Qvx/byYzCNb3W91y3FutACDfzwQ/BC/e/8uBsCR+yz1Lxj+PL6lHvqMKrM3rG4hstT5QjvHO9PzoxZyVYLzBfO2EeC3Ip3G+2kryOTIKT+l/K4w3QIDAQA=

dkim/tests/test_crypto.py

@@ -23,6 +23,7 @@ import unittest
 
 from dkim.crypto import (
     DigestTooLargeError,
+    UnparsableKeyError,
     EMSA_PKCS1_v1_5_encode,
     int2str,
     parse_pem_private_key,
@@ -108,7 +109,11 @@ class TestParseKeys(unittest.TestCase):
         key = parse_public_key(base64.b64decode(parse_tag_value(data)[b'p']))
         self.assertEqual(key['modulus'], TEST_KEY_MODULUS)
         self.assertEqual(key['publicExponent'], TEST_KEY_PUBLIC_EXPONENT)
-
+        try:
+          data = read_test_data('test_bad.txt')
+          key = parse_public_key(base64.b64decode(parse_tag_value(data)[b'p']))
+        except UnparsableKeyError: return
+        self.fail("failed to reject invalid public key")
 
 class TestEMSA_PKCS1_v1_5(unittest.TestCase):