fix potential infinite loop in parse_x509_der_multi()

bluele · bluele · commit a0cdc2d3cd56 · 2025-03-28T18:37:02.000+09:00
Signed-off-by: Jun Kimura &lt;jun.kimura@datachain.jp&gt;
diff --git a/crates/types/src/utils.rs b/crates/types/src/utils.rs
@@ -1,3 +1,4 @@
+use anyhow::anyhow;
 use x509_parser::oid_registry::asn1_rs::FromDer;
 use x509_parser::prelude::*;
 
@@ -33,7 +34,14 @@ pub fn parse_x509_der_multi(raw_bytes: &[u8]) -> crate::Result<Vec<X509Certifica
     let mut certs = Vec::new();
     let mut i = raw_bytes;
     while !i.is_empty() {
+        let original_len = i.len();
         let (j, cert) = X509Certificate::from_der(i)?;
+        // Check that parser is making progress to avoid infinite loop
+        if j.len() >= original_len {
+            return Err(anyhow!(
+                "X.509 parser not making progress, possible infinite loop"
+            ));
+        }
         certs.push(cert);
         i = j;
     }
diff --git a/zkvm/risc0/artifacts/dcap-quote-verifier b/zkvm/risc0/artifacts/dcap-quote-verifier
diff --git a/zkvm/risc0/src/methods.rs b/zkvm/risc0/src/methods.rs
@@ -1,4 +1,4 @@
 
-pub const DCAP_QUOTE_VERIFIER_ID: [u32; 8] = [670652583, 3052685693, 4223741116, 373457406, 3379441760, 859408996, 511595924, 2088624085];
-pub const DCAP_QUOTE_VERIFIER_ID_STR: &str = "a758f9277d49f4b5bc2cc1fbfe81421660306ec9648a393394557e1ed5df7d7c";
+pub const DCAP_QUOTE_VERIFIER_ID: [u32; 8] = [1469344566, 2571982276, 2356695967, 1474046247, 981647680, 2103389531, 2739361402, 3432988093];
+pub const DCAP_QUOTE_VERIFIER_ID_STR: &str = "366b9457c4554d999f53788c2729dc5740c1823a5b2d5f7d7a5647a3bd3d9fcc";
 pub const DCAP_QUOTE_VERIFIER_ELF: &[u8] = include_bytes!("../artifacts/dcap-quote-verifier");
