Math/BinaryField: fix for excessively large degrees

phpseclib/Math/BinaryField.php

@@ -48,6 +48,15 @@ class BinaryField extends FiniteField
     public function __construct(...$indices)
     {
         $m = array_shift($indices);
+        if ($m > 571) {
+            /* sect571r1 and sect571k1 are the largest binary curves that https://www.secg.org/sec2-v2.pdf defines
+               altho theoretically there may be legit reasons to use binary finite fields with larger degrees
+               imposing a limit on the maximum size is both reasonable and precedented. in particular,
+               http://tools.ietf.org/html/rfc4253#section-6.1 (The Secure Shell (SSH) Transport Layer Protocol) says
+               "implementations SHOULD check that the packet length is reasonable in order for the implementation to
+                avoid denial of service and/or buffer overflow attacks" */
+            throw new \OutOfBoundsException('Degrees larger than 571 are not supported');
+        }
         $val = str_repeat('0', $m) . '1';
         foreach ($indices as $index) {
             $val[$index] = '1';

tests/Unit/Crypt/EC/KeyTest.php

@@ -704,4 +704,20 @@ public function testIEEESignature()
 
         $this->assertTrue($key->verify('hello world!', $signature));
     }
+
+    public function testExcessivelyLargeBinaryField()
+    {
+        $this->expectException('\OutOfBoundsException');
+
+        $key = '-----BEGIN PUBLIC KEY-----
+MIIBDDCB0wYHKoZIzj0CATCBxwIBATAgBgcqhkjOPQECMBUCBH////8GCSqGSM49
+AQIDAgICAMEwTQQZABeFj+t6mJdRaeFx93tAh94JisipEd97AQQZAP37Sb/mw6if
+rK2qeh5bvHzBwuXYMUeIFAMVABA/rsdNaW5naHVhUXV3f8Wxke8wBDMEAfSBvF8P
++Ep0rWzfb970v2F5YlNy2MDF4QAl45nykDcSzPPqnjoa0X+wsyAbavfOGwUCGQEA
+AAAAAAAAAAAAAADH80p3j0Q6zJIOukkCAQIDNAAEAE2mUTAwdPK952h3G8ZinK8B
+z9DYTLdGkQDqox3AtEs9nn6kE1O/vHE4bqMegjj4gbA=
+-----END PUBLIC KEY-----';
+        $key = EC::loadFormat('PKCS8', $key);
+        $this->assertInstanceOf(PublicKey::class, $key);
+    }
 }