Harden asn1 oid loader to invalid inputs

In the event that a config file contains this sequence: ======= openssl_conf = openssl_init config_diagnostics = 1 [openssl_init] oid_section = oids [oids] testoid1 = 1.2.3.4.1 testoid2 = A Very Long OID Name, 1.2.3.4.2 testoid3 = ,1.2.3.4.3 ====== The leading comma in testoid3 can cause a heap buffer overflow, as the parsing code will move the string pointer back 1 character, thereby pointing to an invalid memory space correct the parser to detect this condition and handle it by treating it as if the comma doesn't exist (i.e. an empty long oid name) (cherry picked from commit a552c23c6502592c1b3c67d93dd7e5ffbe958aa4) Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/23034)
author: Neil Horman <nhorman@openssl.org> 2023-12-05 15:24:20 -0500
committer: Tomas Mraz <tomas@openssl.org> 2023-12-15 12:39:35 +0100
commit: d802bfbf80bab00123a4a6209f255852b3a10207 (patch)
tree: fa2be4b69f25861a2a6b8738924183fe2ec400f4 /crypto
parent: 79ce9d76a29b342108362abc0cf4276103f9087e (diff)
1 files changed, 4 insertions, 0 deletions
diff --git a/crypto/asn1/asn_moid.c b/crypto/asn1/asn_moid.c
index 526219c1a7..9aaab8a269 100644
--- a/crypto/asn1/asn_moid.c
+++ b/crypto/asn1/asn_moid.c
@@ -67,6 +67,10 @@ static int do_create(const char *value, const char *name)
     if (p == NULL) {
         ln = name;
         ostr = value;
+    } else if (p == value) {
+        /* we started with a leading comma */
+        ln = name;
+        ostr = p + 1;
     } else {
         ln = value;
         ostr = p + 1;
author	Neil Horman <nhorman@openssl.org>	2023-12-05 15:24:20 -0500
committer	Tomas Mraz <tomas@openssl.org>	2023-12-15 12:39:35 +0100
commit	d802bfbf80bab00123a4a6209f255852b3a10207 (patch)
tree	fa2be4b69f25861a2a6b8738924183fe2ec400f4 /crypto
parent	79ce9d76a29b342108362abc0cf4276103f9087e (diff)