PR: 2556 (partial)

Reported by: Daniel Marschall <daniel-marschall@viathinksoft.de>
Reviewed by: steve

Fix OID routines.

Check on encoding leading zero rejection should start at beginning of
encoding.

Allow for initial digit when testing when to use BIGNUMs which can increase
first value by 2 * 40.

diff --git a/crypto/asn1/a_object.c b/crypto/asn1/a_object.c
index 0ef0ac3e8981691ce8dd817e45b9d405582083c2..3978c9150d8c4783516476ffb35777ec859cb51d 100644 (file)
--- a/crypto/asn1/a_object.c
+++ b/crypto/asn1/a_object.c
@@ -139,7 +139,7 @@ int a2d_ASN1_OBJECT(unsigned char *out, int olen, const char *buf, int num)
                                ASN1err(ASN1_F_A2D_ASN1_OBJECT,ASN1_R_INVALID_DIGIT);
                                goto err;
                                }
-                       if (!use_bn && l >= (ULONG_MAX / 10L))
+                       if (!use_bn && l >= ((ULONG_MAX - 80) / 10L))
                                {
                                use_bn = 1;
                                if (!bl)
@@ -293,7 +293,7 @@ ASN1_OBJECT *c2i_ASN1_OBJECT(ASN1_OBJECT **a, const unsigned char **pp,
        /* Sanity check OID encoding: can't have leading 0x80 in
         * subidentifiers, see: X.690 8.19.2
         */
-       for (i = 0, p = *pp + 1; i < len - 1; i++, p++)
+       for (i = 0, p = *pp; i < len; i++, p++)
                {
                if (*p == 0x80 && (!i || !(p[-1] & 0x80)))
                        {