From: Dr. Stephen Henson <steve@openssl.org>
Date: Sun, 7 Mar 2010 16:40:19 +0000 (+0000)
Subject: The OID sanity check was incorrect. It should only disallow *leading* 0x80
X-Git-Tag: OpenSSL_1_0_0~23
X-Git-Url: https://git.openssl.org/?p=openssl.git;a=commitdiff_plain;h=06226df1a98205ca451d1322e61ed1bde9dc05b5;hp=bf638ef026f252cb04779d9f779f135a9f56ec17

The OID sanity check was incorrect. It should only disallow *leading* 0x80
values.
---

diff --git a/crypto/asn1/a_object.c b/crypto/asn1/a_object.c
index bd2d5a2d82..e5fbe7cbb1 100644
--- a/crypto/asn1/a_object.c
+++ b/crypto/asn1/a_object.c
@@ -290,12 +290,12 @@ ASN1_OBJECT *c2i_ASN1_OBJECT(ASN1_OBJECT **a, const unsigned char **pp,
 	const unsigned char *p;
 	unsigned char *data;
 	int i;
-	/* Sanity check OID encoding: can't have 0x80 in subidentifiers, see:
-	 * X.690 8.19.2
+	/* Sanity check OID encoding: can't have leading 0x80 in
+	 * subidentifiers, see: X.690 8.19.2
 	 */
 	for (i = 0, p = *pp + 1; i < len - 1; i++, p++)
 		{
-		if (*p == 0x80)
+		if (*p == 0x80 && (!i || !(p[-1] & 0x80)))
 			{
 			ASN1err(ASN1_F_C2I_ASN1_OBJECT,ASN1_R_INVALID_OBJECT_ENCODING);
 			return NULL;