The OID sanity check was incorrect. It should only disallow *leading* 0x80

[openssl.git] / crypto / asn1 / a_object.c

diff --git a/crypto/asn1/a_object.c b/crypto/asn1/a_object.c
index f1a5a1e31e4a9367c0a657df1b9c782a44f5ed99..e5fbe7cbb1042bb80fb1399cb52a1d3ac4f8a55f 100644 (file)
--- a/crypto/asn1/a_object.c
+++ b/crypto/asn1/a_object.c
@@ -290,6 +290,17 @@ ASN1_OBJECT *c2i_ASN1_OBJECT(ASN1_OBJECT **a, const unsigned char **pp,
        const unsigned char *p;
        unsigned char *data;
        int i;
+       /* Sanity check OID encoding: can't have leading 0x80 in
+        * subidentifiers, see: X.690 8.19.2
+        */
+       for (i = 0, p = *pp + 1; i < len - 1; i++, p++)
+               {
+               if (*p == 0x80 && (!i || !(p[-1] & 0x80)))
+                       {
+                       ASN1err(ASN1_F_C2I_ASN1_OBJECT,ASN1_R_INVALID_OBJECT_ENCODING);
+                       return NULL;
+                       }
+               }
 
        /* only the ASN1_OBJECTs from the 'table' will have values
         * for ->sn or ->ln */