commit 73251faf2cb043dc9795b46c98c7084482d2aed2
author Paul Kehrer <paul.l.kehrer@gmail.com> Sat Dec 06 23:17:23 2014 -0600
committer Paul Kehrer <paul.l.kehrer@gmail.com> Sat Dec 06 23:17:23 2014 -0600
tree 3ba6a0affac68bdb282742d8cc22e3ef40cb90c8
parent d5fe4ba989f1c8ff5494fee3f6404a14456eac8d

catch PyAsn1Error when decoding rfc6979 signature

src/cryptography/hazmat/primitives/asymmetric/utils.py

diff --git a/src/cryptography/hazmat/primitives/asymmetric/utils.py b/src/cryptography/hazmat/primitives/asymmetric/utils.py
index 36b9080..08bb40c 100644
--- a/src/cryptography/hazmat/primitives/asymmetric/utils.py
+++ b/src/cryptography/hazmat/primitives/asymmetric/utils.py
@@ -5,6 +5,7 @@
 from __future__ import absolute_import, division, print_function
 
 from pyasn1.codec.der import decoder, encoder
+from pyasn1.error import PyAsn1Error
 from pyasn1.type import namedtype, univ
 
 
@@ -16,7 +17,11 @@
 
 
 def decode_rfc6979_signature(signature):
-    data, remaining = decoder.decode(signature, asn1Spec=_DSSSigValue())
+    try:
+        data, remaining = decoder.decode(signature, asn1Spec=_DSSSigValue())
+    except PyAsn1Error:
+        raise ValueError("Invalid signature data. Unable to decode ASN.1")
+
     if remaining:
         raise ValueError(
             "The signature contains bytes after the end of the ASN.1 sequence."

tests/hazmat/primitives/test_asym_utils.py

diff --git a/tests/hazmat/primitives/test_asym_utils.py b/tests/hazmat/primitives/test_asym_utils.py
index f8a67b6..640b5b3 100644
--- a/tests/hazmat/primitives/test_asym_utils.py
+++ b/tests/hazmat/primitives/test_asym_utils.py
@@ -39,3 +39,8 @@
 def test_decode_rfc6979_trailing_bytes():
     with pytest.raises(ValueError):
         decode_rfc6979_signature(b"0\x06\x02\x01\x01\x02\x01\x01\x00\x00\x00")
+
+
+def test_decode_rfc6979_invalid_asn1():
+    with pytest.raises(ValueError):
+        decode_rfc6979_signature(b"0\x07\x02\x01\x01\x02\x02\x01")