The OID sanity check was incorrect. It should only disallow *leading* 0x80

author Dr. Stephen Henson <steve@openssl.org>

Sun, 7 Mar 2010 16:40:31 +0000 (16:40 +0000)

committer Dr. Stephen Henson <steve@openssl.org>

Sun, 7 Mar 2010 16:40:31 +0000 (16:40 +0000)
author Dr. Stephen Henson <steve@openssl.org>
Sun, 7 Mar 2010 16:40:31 +0000 (16:40 +0000)
committer Dr. Stephen Henson <steve@openssl.org>
Sun, 7 Mar 2010 16:40:31 +0000 (16:40 +0000)
diff --git a/crypto/asn1/a_object.c b/crypto/asn1/a_object.c

index d169f8c14736e486ba0526eb387499bd42eeaa86..365e4673a95c37dda900592cd6896019a968eaf7 100644 (file)
--- a/crypto/asn1/a_object.c
+++ b/crypto/asn1/a_object.c
@@ -291,12 +291,12 @@ ASN1_OBJECT *c2i_ASN1_OBJECT(ASN1_OBJECT **a, const unsigned char **pp,
         ASN1_OBJECT *ret=NULL;
         const unsigned char *p;
         int i;
-       /* Sanity check OID encoding: can't have 0x80 in subidentifiers, see:
-        * X.690 8.19.2
+       /* Sanity check OID encoding: can't have leading 0x80 in
+        * subidentifiers, see: X.690 8.19.2
          */
         for (i = 0, p = *pp + 1; i < len - 1; i++, p++)
                 {
-               if (*p == 0x80)
+               if (*p == 0x80 && (!i || !(p[-1] & 0x80)))
                         {
                         ASN1err(ASN1_F_C2I_ASN1_OBJECT,ASN1_R_INVALID_OBJECT_ENCODING);
                         return NULL;
author	Dr. Stephen Henson <steve@openssl.org>
	Sun, 7 Mar 2010 16:40:31 +0000 (16:40 +0000)
committer	Dr. Stephen Henson <steve@openssl.org>
	Sun, 7 Mar 2010 16:40:31 +0000 (16:40 +0000)