diff options
| author | Matthew Garrett <mjg@redhat.com> | 2012-07-02 12:33:42 -0400 |
|---|---|---|
| committer | Matthew Garrett <mjg@redhat.com> | 2012-07-02 12:33:42 -0400 |
| commit | d259b1406044b430fe5786cd57e272bb9c57166d (patch) | |
| tree | 308e31c8b7338e11843ac324ce20b89d765c3f45 /Cryptlib/OpenSSL/crypto/asn1/a_object.c | |
| parent | 20094cb55d476c5d053cc73cec6e0d3f2a1c8d9a (diff) | |
| download | efi-boot-shim-d259b1406044b430fe5786cd57e272bb9c57166d.tar.gz efi-boot-shim-d259b1406044b430fe5786cd57e272bb9c57166d.zip | |
Update OpenSSL
Diffstat (limited to 'Cryptlib/OpenSSL/crypto/asn1/a_object.c')
| -rwxr-xr-x | Cryptlib/OpenSSL/crypto/asn1/a_object.c | 13 |
1 files changed, 12 insertions, 1 deletions
diff --git a/Cryptlib/OpenSSL/crypto/asn1/a_object.c b/Cryptlib/OpenSSL/crypto/asn1/a_object.c index dc980421..3ac2bc2a 100755 --- a/Cryptlib/OpenSSL/crypto/asn1/a_object.c +++ b/Cryptlib/OpenSSL/crypto/asn1/a_object.c @@ -139,7 +139,7 @@ int a2d_ASN1_OBJECT(unsigned char *out, int olen, const char *buf, int num) ASN1err(ASN1_F_A2D_ASN1_OBJECT,ASN1_R_INVALID_DIGIT); goto err; } - if (!use_bn && l > (ULONG_MAX / 10L)) + if (!use_bn && l >= ((ULONG_MAX - 80) / 10L)) { use_bn = 1; if (!bl) @@ -291,6 +291,17 @@ ASN1_OBJECT *c2i_ASN1_OBJECT(ASN1_OBJECT **a, const unsigned char **pp, ASN1_OBJECT *ret=NULL; const unsigned char *p; int i; + /* Sanity check OID encoding: can't have leading 0x80 in + * subidentifiers, see: X.690 8.19.2 + */ + for (i = 0, p = *pp; i < len; i++, p++) + { + if (*p == 0x80 && (!i || !(p[-1] & 0x80))) + { + ASN1err(ASN1_F_C2I_ASN1_OBJECT,ASN1_R_INVALID_OBJECT_ENCODING); + return NULL; + } + } /* only the ASN1_OBJECTs from the 'table' will have values * for ->sn or ->ln */ |