The OID sanity check was incorrect. It should only disallow *leading* 0x80

values.
author: Dr. Stephen Henson <steve@openssl.org> 2010-03-07 16:40:19 +0000
committer: Dr. Stephen Henson <steve@openssl.org> 2010-03-07 16:40:19 +0000
commit: 06226df1a98205ca451d1322e61ed1bde9dc05b5 (patch)
tree: 0a667cebb7606e885a067a3327bcca92dc097ee8 /crypto/asn1
parent: bf638ef026f252cb04779d9f779f135a9f56ec17 (diff)
1 files changed, 3 insertions, 3 deletions
diff --git a/crypto/asn1/a_object.c b/crypto/asn1/a_object.c
index bd2d5a2d82..e5fbe7cbb1 100644
--- a/crypto/asn1/a_object.c
+++ b/crypto/asn1/a_object.c
@@ -290,12 +290,12 @@ ASN1_OBJECT *c2i_ASN1_OBJECT(ASN1_OBJECT **a, const unsigned char **pp,
 	const unsigned char *p;
 	unsigned char *data;
 	int i;
-	/* Sanity check OID encoding: can't have 0x80 in subidentifiers, see:
-	 * X.690 8.19.2
+	/* Sanity check OID encoding: can't have leading 0x80 in
+	 * subidentifiers, see: X.690 8.19.2
 	 */
 	for (i = 0, p = *pp + 1; i < len - 1; i++, p++)
 		{
-		if (*p == 0x80)
+		if (*p == 0x80 && (!i || !(p[-1] & 0x80)))
 			{
 			ASN1err(ASN1_F_C2I_ASN1_OBJECT,ASN1_R_INVALID_OBJECT_ENCODING);
 			return NULL;
author	Dr. Stephen Henson <steve@openssl.org>	2010-03-07 16:40:19 +0000
committer	Dr. Stephen Henson <steve@openssl.org>	2010-03-07 16:40:19 +0000
commit	06226df1a98205ca451d1322e61ed1bde9dc05b5 (patch)
tree	0a667cebb7606e885a067a3327bcca92dc097ee8 /crypto/asn1
parent	bf638ef026f252cb04779d9f779f135a9f56ec17 (diff)