-/* $OpenBSD: a_object.c,v 1.22 2014/07/12 16:03:36 miod Exp $ */
+/* $OpenBSD: a_object.c,v 1.23 2014/08/08 04:53:43 guenther Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
ASN1_OBJECT *ret = NULL;
const unsigned char *p;
unsigned char *data;
- int i;
+ int i, length;
- /* Sanity check OID encoding: can't have leading 0x80 in
- * subidentifiers, see: X.690 8.19.2
+ /*
+ * Sanity check OID encoding:
+ * - need at least one content octet
+ * - MSB must be clear in the last octet
+ * - can't have leading 0x80 in subidentifiers, see: X.690 8.19.2
*/
- for (i = 0, p = *pp; i < len; i++, p++) {
+ if (len <= 0 || len > INT_MAX || pp == NULL || (p = *pp) == NULL ||
+ p[len - 1] & 0x80) {
+ ASN1err(ASN1_F_C2I_ASN1_OBJECT, ASN1_R_INVALID_OBJECT_ENCODING);
+ return (NULL);
+ }
+
+ /* Now 0 < len <= INT_MAX, so the cast is safe. */
+ length = (int)len;
+ for (i = 0; i < length; i++, p++) {
if (*p == 0x80 && (!i || !(p[-1] & 0x80))) {
ASN1err(ASN1_F_C2I_ASN1_OBJECT,
ASN1_R_INVALID_OBJECT_ENCODING);
data = (unsigned char *)ret->data;
ret->data = NULL;
/* once detached we can change it */
- if ((data == NULL) || (ret->length < len)) {
+ if ((data == NULL) || (ret->length < length)) {
ret->length = 0;
free(data);
- data = malloc(len ? len : 1);
+ data = malloc(length);
if (data == NULL) {
i = ERR_R_MALLOC_FAILURE;
goto err;
}
ret->flags |= ASN1_OBJECT_FLAG_DYNAMIC_DATA;
}
- memcpy(data, p, len);
+ memcpy(data, p, length);
/* reattach data to object, after which it remains const */
ret->data = data;
- ret->length = (int)len;
+ ret->length = length;
ret->sn = NULL;
ret->ln = NULL;
/* ret->flags=ASN1_OBJECT_FLAG_DYNAMIC; we know it is dynamic */
- p += len;
+ p += length;
if (a != NULL)
(*a) = ret;
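Review bot: The new guard reads `p[len - 1]` inside the same `||` chain that establishes `len > 0` and `p != NULL`, so the read is in bounds only because of operand order, and nothing in the hunk records that. I would parenthesize the bit test and keep it deliberately last, `(p[len - 1] & 0x80)) {`, with a one-line comment that the length and NULL checks must stay ahead of it. The same entry check is what makes it safe to replace `malloc(len ? len : 1)` with `malloc(length)` further down; a comment there such as `/* length > 0, checked on entry */` would keep the two coupled for the next reader. The function begins and ends outside the visible lines, and the identical change appears again in the second copy of a_object.c later on this page.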
-/* $OpenBSD: obj_dat.c,v 1.30 2014/07/11 08:44:49 jsing Exp $ */
+/* $OpenBSD: obj_dat.c,v 1.31 2014/08/08 04:53:43 guenther Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
unsigned long l;
const unsigned char *p;
+ /* Ensure that, at every state, |buf| is NUL-terminated. */
+ if (buf_len > 0)
+ buf[0] = '\0';
+
if ((a == NULL) || (a->data == NULL))
goto err;
i = (int)(l / 40);
l -= (long)(i * 40);
}
- if (buf_len > 0) {
+ if (buf_len > 1) {
*buf++ = i + '0';
+ *buf = '\0';
buf_len--;
}
ret++;
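Review bot: The added `buf[0] = '\0'` writes through `buf` whenever `buf_len > 0`, and the `if (buf_len > 1)` branch below does the same, but neither checks that `buf` itself is non-NULL. Whether any caller passes a NULL buffer with a positive length cannot be determined from these lines, so this is a defensive suggestion: `if (buf != NULL && buf_len > 0)` at the top and `if (buf != NULL && buf_len > 1) {` in the digit branch. It would also help to state in the new comment that one byte of `buf_len` is now always reserved for the terminator, since that is why the threshold moved from 0 to 1. The function body continues outside the hunk, and the same change is repeated in the second copy of obj_dat.c later on this page.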
-/* $OpenBSD: a_object.c,v 1.22 2014/07/12 16:03:36 miod Exp $ */
+/* $OpenBSD: a_object.c,v 1.23 2014/08/08 04:53:43 guenther Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
ASN1_OBJECT *ret = NULL;
const unsigned char *p;
unsigned char *data;
- int i;
+ int i, length;
- /* Sanity check OID encoding: can't have leading 0x80 in
- * subidentifiers, see: X.690 8.19.2
+ /*
+ * Sanity check OID encoding:
+ * - need at least one content octet
+ * - MSB must be clear in the last octet
+ * - can't have leading 0x80 in subidentifiers, see: X.690 8.19.2
*/
- for (i = 0, p = *pp; i < len; i++, p++) {
+ if (len <= 0 || len > INT_MAX || pp == NULL || (p = *pp) == NULL ||
+ p[len - 1] & 0x80) {
+ ASN1err(ASN1_F_C2I_ASN1_OBJECT, ASN1_R_INVALID_OBJECT_ENCODING);
+ return (NULL);
+ }
+
+ /* Now 0 < len <= INT_MAX, so the cast is safe. */
+ length = (int)len;
+ for (i = 0; i < length; i++, p++) {
if (*p == 0x80 && (!i || !(p[-1] & 0x80))) {
ASN1err(ASN1_F_C2I_ASN1_OBJECT,
ASN1_R_INVALID_OBJECT_ENCODING);
data = (unsigned char *)ret->data;
ret->data = NULL;
/* once detached we can change it */
- if ((data == NULL) || (ret->length < len)) {
+ if ((data == NULL) || (ret->length < length)) {
ret->length = 0;
free(data);
- data = malloc(len ? len : 1);
+ data = malloc(length);
if (data == NULL) {
i = ERR_R_MALLOC_FAILURE;
goto err;
}
ret->flags |= ASN1_OBJECT_FLAG_DYNAMIC_DATA;
}
- memcpy(data, p, len);
+ memcpy(data, p, length);
/* reattach data to object, after which it remains const */
ret->data = data;
- ret->length = (int)len;
+ ret->length = length;
ret->sn = NULL;
ret->ln = NULL;
/* ret->flags=ASN1_OBJECT_FLAG_DYNAMIC; we know it is dynamic */
- p += len;
+ p += length;
if (a != NULL)
(*a) = ret;
-/* $OpenBSD: obj_dat.c,v 1.30 2014/07/11 08:44:49 jsing Exp $ */
+/* $OpenBSD: obj_dat.c,v 1.31 2014/08/08 04:53:43 guenther Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
unsigned long l;
const unsigned char *p;
+ /* Ensure that, at every state, |buf| is NUL-terminated. */
+ if (buf_len > 0)
+ buf[0] = '\0';
+
if ((a == NULL) || (a->data == NULL))
goto err;
i = (int)(l / 40);
l -= (long)(i * 40);
}
- if (buf_len > 0) {
+ if (buf_len > 1) {
*buf++ = i + '0';
+ *buf = '\0';
buf_len--;
}
ret++;