PR: 2556 (partial)
authorDr. Stephen Henson <steve@openssl.org>
Thu, 14 Jul 2011 12:01:53 +0000 (12:01 +0000)
committerDr. Stephen Henson <steve@openssl.org>
Thu, 14 Jul 2011 12:01:53 +0000 (12:01 +0000)
Reported by: Daniel Marschall <daniel-marschall@viathinksoft.de>
Reviewed by: steve

Fix OID routines.

Check on encoding leading zero rejection should start at beginning of
encoding.

Allow for initial digit when testing when to use BIGNUMs which can increase
first value by 2 * 40.

crypto/asn1/a_object.c

index 0ef0ac3..3978c91 100644 (file)
@@ -139,7 +139,7 @@ int a2d_ASN1_OBJECT(unsigned char *out, int olen, const char *buf, int num)
                                ASN1err(ASN1_F_A2D_ASN1_OBJECT,ASN1_R_INVALID_DIGIT);
                                goto err;
                                }
-                       if (!use_bn && l >= (ULONG_MAX / 10L))
+                       if (!use_bn && l >= ((ULONG_MAX - 80) / 10L))
                                {
                                use_bn = 1;
                                if (!bl)
@@ -293,7 +293,7 @@ ASN1_OBJECT *c2i_ASN1_OBJECT(ASN1_OBJECT **a, const unsigned char **pp,
        /* Sanity check OID encoding: can't have leading 0x80 in
         * subidentifiers, see: X.690 8.19.2
         */
-       for (i = 0, p = *pp + 1; i < len - 1; i++, p++)
+       for (i = 0, p = *pp; i < len; i++, p++)
                {
                if (*p == 0x80 && (!i || !(p[-1] & 0x80)))
                        {