PR: 2556 (partial)
authorDr. Stephen Henson <steve@openssl.org>
Thu, 14 Jul 2011 12:01:08 +0000 (12:01 +0000)
committerDr. Stephen Henson <steve@openssl.org>
Thu, 14 Jul 2011 12:01:08 +0000 (12:01 +0000)
Reported by: Daniel Marschall <daniel-marschall@viathinksoft.de>
Reviewed by: steve

Fix OID routines.

Check on encoding leading zero rejection should start at beginning of
encoding.

Allow for initial digit when testing when to use BIGNUMs which can increase
first value by 2 * 40.

crypto/asn1/a_object.c

index d24ab92da09f2fe7d65e6c662452393d82ac90c3..3ac2bc2a01a1b224c653ae46366295ad0908ea35 100644 (file)
@@ -139,7 +139,7 @@ int a2d_ASN1_OBJECT(unsigned char *out, int olen, const char *buf, int num)
                                ASN1err(ASN1_F_A2D_ASN1_OBJECT,ASN1_R_INVALID_DIGIT);
                                goto err;
                                }
-                       if (!use_bn && l >= (ULONG_MAX / 10L))
+                       if (!use_bn && l >= ((ULONG_MAX - 80) / 10L))
                                {
                                use_bn = 1;
                                if (!bl)
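Review bot: The constant 80 in `(ULONG_MAX - 80) / 10L` is unexplained at the point of use. The commit message says it reserves headroom for the first arc's contribution (at most 2 * 40), but a reader of a2d_ASN1_OBJECT will not have that context. I would add a comment above the test, `/* keep 80 spare: first arc (0..2) * 40 is later added to this value */`, or give the constant a name. That addition presumably happens further down the function, outside this hunk, so I cannot confirm from here that 80 is the exact bound needed.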
@@ -294,7 +294,7 @@ ASN1_OBJECT *c2i_ASN1_OBJECT(ASN1_OBJECT **a, const unsigned char **pp,
        /* Sanity check OID encoding: can't have leading 0x80 in
         * subidentifiers, see: X.690 8.19.2
         */
-       for (i = 0, p = *pp + 1; i < len - 1; i++, p++)
+       for (i = 0, p = *pp; i < len; i++, p++)
                {
                if (*p == 0x80 && (!i || !(p[-1] & 0x80)))
                        {
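Review bot: The sanity loop still accepts an encoding whose final octet has the continuation bit (0x80) set, that is, a truncated last subidentifier. Nothing in this hunk shows `len` being checked as positive before `*pp` is read either. A guard ahead of the loop, `if (len <= 0 || ((*pp)[len - 1] & 0x80))`, followed by an ASN1err and error return, would reject both cases. Without it, any later code that walks a subidentifier until it finds an octet without the high bit could read past the end of the object. c2i_ASN1_OBJECT starts and ends outside this hunk, so an earlier length check may already exist.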