der: Reject non-canonical encodings of ASN.1 bit strings with trailing zero bytes.

briansmith · briansmith · commit c82bd61c8c5c · 2026-05-07T16:44:34.000Z
diff --git a/src/der.rs b/src/der.rs
@@ -388,6 +388,11 @@ pub(crate) fn bit_string_flags(input: untrusted::Input<'_>) -> Result<BitStringF
                     return Err(Error::BadDer);
                 }
 
+                // ITU X690-0207 11.2.2: Trailing zero bytes aren't allowed.
+                if *last == 0 {
+                    return Err(Error::BadDer);
+                }
+
                 Ok(BitStringFlags { raw_bits })
             }
 

Original file line number	Diff line number	Diff line change
`@@ -388,6 +388,11 @@ pub(crate) fn bit_string_flags(input: untrusted::Input<'_>) -> Result<BitStringF`
`388`	`388`	`return Err(Error::BadDer);`
`389`	`389`	`}`
`390`	`390`
	`391`	`+ // ITU X690-0207 11.2.2: Trailing zero bytes aren't allowed.`
	`392`	`+ if *last == 0 {`
	`393`	`+ return Err(Error::BadDer);`
	`394`	`+ }`
	`395`	`+`
`391`	`396`	`Ok(BitStringFlags { raw_bits })`
`392`	`397`	`}`
`393`	`398`