From 2157d97e87e979ec9a07aed1f8e5e324bacfc50d Mon Sep 17 00:00:00 2001
From: tb <tb@openbsd.org>
Date: Thu, 14 Dec 2023 15:33:09 +0000
Subject: [PATCH] OPENSSL_assert() that the passed nid is within range

discussed with deraadt and jsing
---
 lib/libcrypto/objects/obj_dat.c | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/lib/libcrypto/objects/obj_dat.c b/lib/libcrypto/objects/obj_dat.c
index a70f4cf5b49..bd8601c316e 100644
--- a/lib/libcrypto/objects/obj_dat.c
+++ b/lib/libcrypto/objects/obj_dat.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: obj_dat.c,v 1.70 2023/12/14 14:45:45 tb Exp $ */
+/* $OpenBSD: obj_dat.c,v 1.71 2023/12/14 15:33:09 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -339,6 +339,8 @@ obj_objs_cmp(const void *aobj, const void *b)
 {
 	const unsigned int *nid = b;
 
+	OPENSSL_assert(*nid >= 0 && *nid < NUM_NID);
+
 	return OBJ_cmp(aobj, &nid_objs[*nid]);
 }
 
@@ -379,6 +381,8 @@ ln_objs_cmp(const void *ln, const void *b)
 {
 	const unsigned int *nid = b;
 
+	OPENSSL_assert(*nid >= 0 && *nid < NUM_NID);
+
 	return strcmp(ln, nid_objs[*nid].ln);
 }
 
@@ -416,6 +420,8 @@ sn_objs_cmp(const void *sn, const void *b)
 {
 	const unsigned int *nid = b;
 
+	OPENSSL_assert(*nid >= 0 && *nid < NUM_NID);
+
 	return strcmp(sn, nid_objs[*nid].sn);
 }
 
-- 
2.20.1