PR: 2556 (partial)

Reported by: Daniel Marschall <daniel-marschall@viathinksoft.de> Reviewed by: steve Fix OID routines. Check on encoding leading zero rejection should start at beginning of encoding. Allow for initial digit when testing when to use BIGNUMs which can increase first value by 2 * 40.
author: Dr. Stephen Henson <steve@openssl.org> 2011-07-14 12:01:53 +0000
committer: Dr. Stephen Henson <steve@openssl.org> 2011-07-14 12:01:53 +0000
commit: 9fe51d5f73fdd07d6bae82f415f203bafb4b00f5 (patch)
tree: ddc4d53357e2fd8bfbf56e2d3dddf80dfea40148
parent: b79853c26206ba9e45e2de4e3582630a0b1c78f1 (diff)
1 files changed, 2 insertions, 2 deletions
diff --git a/crypto/asn1/a_object.c b/crypto/asn1/a_object.c
index 0ef0ac3e89..3978c9150d 100644
--- a/crypto/asn1/a_object.c
+++ b/crypto/asn1/a_object.c
@@ -139,7 +139,7 @@ int a2d_ASN1_OBJECT(unsigned char *out, int olen, const char *buf, int num)
 				ASN1err(ASN1_F_A2D_ASN1_OBJECT,ASN1_R_INVALID_DIGIT);
 				goto err;
 				}
-			if (!use_bn && l >= (ULONG_MAX / 10L))
+			if (!use_bn && l >= ((ULONG_MAX - 80) / 10L))
 				{
 				use_bn = 1;
 				if (!bl)
@@ -293,7 +293,7 @@ ASN1_OBJECT *c2i_ASN1_OBJECT(ASN1_OBJECT **a, const unsigned char **pp,
 	/* Sanity check OID encoding: can't have leading 0x80 in
 	 * subidentifiers, see: X.690 8.19.2
 	 */
-	for (i = 0, p = *pp + 1; i < len - 1; i++, p++)
+	for (i = 0, p = *pp; i < len; i++, p++)
 		{
 		if (*p == 0x80 && (!i || !(p[-1] & 0x80)))
 			{
author	Dr. Stephen Henson <steve@openssl.org>	2011-07-14 12:01:53 +0000
committer	Dr. Stephen Henson <steve@openssl.org>	2011-07-14 12:01:53 +0000
commit	9fe51d5f73fdd07d6bae82f415f203bafb4b00f5 (patch)
tree	ddc4d53357e2fd8bfbf56e2d3dddf80dfea40148
parent	b79853c26206ba9e45e2de4e3582630a0b1c78f1 (diff)