From 0a1e9944179033c72f1fa9f9c13fabddc1945aeb Mon Sep 17 00:00:00 2001
From: Adam Dickmeiss <adam@indexdata.dk>
Date: Wed, 11 Feb 2004 23:49:28 +0000
Subject: [PATCH] Fixed two bugs in OID codec - ber_oidc. Throw error when
 encoding or decoding bad truncated OID. Fix decoding of OID
 X.Y when X=2, Y>39.

---
 CHANGELOG     |    3 +++
 src/ber_oid.c |   50 +++++++++++++++++++++++++-------------------------
 2 files changed, 28 insertions(+), 25 deletions(-)

diff --git a/CHANGELOG b/CHANGELOG
index c678e06..a377105 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -1,5 +1,8 @@
 Possible compatibility problems with earlier versions marked with '*'.
 
+Fixed two bugs in OID codec - ber_oidc. Throw error when encoding/decoding
+bad truncated OID. Fix decoding of OID X.Y... when X=2 and Y>39.
+
 Fixed a bug in ASN.1 compiler that caused Type-1 Operator codec to fail.
 
 Make ZOOM error code for "invalid query".
diff --git a/src/ber_oid.c b/src/ber_oid.c
index 276b49b..6a738e1 100644
--- a/src/ber_oid.c
+++ b/src/ber_oid.c
@@ -1,9 +1,8 @@
 /*
- * Copyright (c) 1995-2003, Index Data
+ * Copyright (c) 1995-2004, Index Data
  * See the file LICENSE for details.
- * Sebastian Hammer, Adam Dickmeiss
  *
- * $Id: ber_oid.c,v 1.1 2003-10-27 12:21:30 adam Exp $
+ * $Id: ber_oid.c,v 1.2 2004-02-11 23:49:28 adam Exp $
  */
 #if HAVE_CONFIG_H
 #include <config.h>
@@ -25,32 +24,21 @@ int ber_oidc(ODR o, Odr_oid *p)
             odr_seterror(o, OPROTO, 18);
             return 0;
         }
-        if (len < 0)
+        if (len <= 0)
         {
             odr_seterror(o, OPROTO, 19);
             return 0;
         }
         o->bp += res;
-        if (len == 0)
-        {
-            *p = -1;
-            return 1;
-        }
         if (len > odr_max(o))
         {
             odr_seterror(o, OPROTO, 20);
             return 0;
         }
-        p[0] = *o->bp / 40;
-        if (p[0] > 2)
-            p[0] = 2;
-        p[1] = *o->bp - p[0] * 40;
-        o->bp++;
-        pos = 2;
-        len--;
-        while (len)
-        {
-            p[pos] = 0;
+        pos = 0;
+	while (len)
+	{
+            int id = 0;
             do
             {
                 if (!len)
@@ -58,13 +46,22 @@ int ber_oidc(ODR o, Odr_oid *p)
                     odr_seterror(o, OPROTO, 21);
                     return 0;
                 }
-                p[pos] <<= 7;
-                p[pos] |= *o->bp & 0X7F;
+                id <<= 7;
+                id |= *o->bp & 0X7F;
                 len--;
             }
             while (*(o->bp++) & 0X80);
-            pos++;
-        }
+            if (pos > 0)
+                p[pos++] = id;
+	    else
+            {
+                p[0] = id / 40;
+		if (p[0] > 2)
+                    p[0] = 2;
+		p[1] = id - p[0] * 40;
+		pos = 2;
+            }
+	}
         p[pos] = -1;
         return 1;
     case ODR_ENCODE:
@@ -73,15 +70,18 @@ int ber_oidc(ODR o, Odr_oid *p)
         lenp = odr_tell(o);
         if (odr_putc(o, 0) < 0)   /* dummy */
             return 0;
-        if (p[0] < 0 && p[1] <= 0)
+        if (p[0] < 0 || p[1] <= 0)
         {
             odr_seterror(o, ODATA, 23);
             return 0;
         }
         for (pos = 1; p[pos] >= 0; pos++)
         {
-            id = pos > 1 ? p[pos] : p[0] * 40 + p[1];
             n = 0;
+            if (pos == 1)
+                id = p[0]*40 + p[1];
+	    else 
+                id = p[pos];
             do
             {
                 octs[n++] = id & 0X7F;
-- 
1.7.10.4