diff options
| author | Richard Levitte <levitte@openssl.org> | 2023-05-12 10:00:13 +0200 |
|---|---|---|
| committer | Tomas Mraz <tomas@openssl.org> | 2023-05-29 15:31:39 +0200 |
| commit | db779b0e10b047f2585615e0b8f2acdf21f8544a (patch) | |
| tree | 5b2818e99c968c18d8d297eb11fb3726af525606 /crypto/evp/evp_pbe.c | |
| parent | a14ed48e84093cb64fa33d360204b49f7738e16d (diff) | |
Restrict the size of OBJECT IDENTIFIERs that OBJ_obj2txt will translate
OBJ_obj2txt() would translate any size OBJECT IDENTIFIER to canonical
numeric text form. For gigantic sub-identifiers, this would take a very
long time, the time complexity being O(n^2) where n is the size of that
sub-identifier.
To mitigate this, a restriction on the size that OBJ_obj2txt() will
translate to canonical numeric text form is added, based on RFC 2578
(STD 58), which says this:
> 3.5. OBJECT IDENTIFIER values
>
> An OBJECT IDENTIFIER value is an ordered list of non-negative numbers.
> For the SMIv2, each number in the list is referred to as a sub-identifier,
> there are at most 128 sub-identifiers in a value, and each sub-identifier
> has a maximum value of 2^32-1 (4294967295 decimal).
Fixes otc/security#96
Fixes CVE-2023-2650
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Diffstat (limited to 'crypto/evp/evp_pbe.c')
0 files changed, 0 insertions, 0 deletions