diff options
author | Dr. Stephen Henson <steve@openssl.org> | 2009-07-24 11:15:55 +0000 |
---|---|---|
committer | Dr. Stephen Henson <steve@openssl.org> | 2009-07-24 11:15:55 +0000 |
commit | b4c81fb6dbd1ee884dff681a94bab4ab9ec59377 (patch) | |
tree | 4d90340447edb648e8abaa0767677542c6d1ead1 /crypto/asn1 | |
parent | 0f566bda2bed59baf056f337e59a8ed88f08e351 (diff) |
Update from 0.9.8-stable
Diffstat (limited to 'crypto/asn1')
-rw-r--r-- | crypto/asn1/a_object.c | 11 | ||||
-rw-r--r-- | crypto/asn1/asn1.h | 1 | ||||
-rw-r--r-- | crypto/asn1/asn1_err.c | 3 |
3 files changed, 14 insertions, 1 deletions
diff --git a/crypto/asn1/a_object.c b/crypto/asn1/a_object.c index f1a5a1e31e..bd2d5a2d82 100644 --- a/crypto/asn1/a_object.c +++ b/crypto/asn1/a_object.c @@ -290,6 +290,17 @@ ASN1_OBJECT *c2i_ASN1_OBJECT(ASN1_OBJECT **a, const unsigned char **pp, const unsigned char *p; unsigned char *data; int i; + /* Sanity check OID encoding: can't have 0x80 in subidentifiers, see: + * X.690 8.19.2 + */ + for (i = 0, p = *pp + 1; i < len - 1; i++, p++) + { + if (*p == 0x80) + { + ASN1err(ASN1_F_C2I_ASN1_OBJECT,ASN1_R_INVALID_OBJECT_ENCODING); + return NULL; + } + } /* only the ASN1_OBJECTs from the 'table' will have values * for ->sn or ->ln */ diff --git a/crypto/asn1/asn1.h b/crypto/asn1/asn1.h index d85b3dd4a3..39c2333d33 100644 --- a/crypto/asn1/asn1.h +++ b/crypto/asn1/asn1.h @@ -1327,6 +1327,7 @@ void ERR_load_ASN1_strings(void); #define ASN1_R_INVALID_MIME_TYPE 205 #define ASN1_R_INVALID_MODIFIER 186 #define ASN1_R_INVALID_NUMBER 187 +#define ASN1_R_INVALID_OBJECT_ENCODING 216 #define ASN1_R_INVALID_SEPARATOR 131 #define ASN1_R_INVALID_TIME_FORMAT 132 #define ASN1_R_INVALID_UNIVERSALSTRING_LENGTH 133 diff --git a/crypto/asn1/asn1_err.c b/crypto/asn1/asn1_err.c index 664f158bb3..6e04d08f31 100644 --- a/crypto/asn1/asn1_err.c +++ b/crypto/asn1/asn1_err.c @@ -1,6 +1,6 @@ /* crypto/asn1/asn1_err.c */ /* ==================================================================== - * Copyright (c) 1999-2008 The OpenSSL Project. All rights reserved. + * Copyright (c) 1999-2009 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -248,6 +248,7 @@ static ERR_STRING_DATA ASN1_str_reasons[]= {ERR_REASON(ASN1_R_INVALID_MIME_TYPE) ,"invalid mime type"}, {ERR_REASON(ASN1_R_INVALID_MODIFIER) ,"invalid modifier"}, {ERR_REASON(ASN1_R_INVALID_NUMBER) ,"invalid number"}, +{ERR_REASON(ASN1_R_INVALID_OBJECT_ENCODING),"invalid object encoding"}, {ERR_REASON(ASN1_R_INVALID_SEPARATOR) ,"invalid separator"}, {ERR_REASON(ASN1_R_INVALID_TIME_FORMAT) ,"invalid time format"}, {ERR_REASON(ASN1_R_INVALID_UNIVERSALSTRING_LENGTH),"invalid universalstring length"}, |