From a1f888c8d35ebce2c0b3a6be4e7dc4f7d9dfcf63 Mon Sep 17 00:00:00 2001 From: Adam Dickmeiss Date: Mon, 17 Apr 2006 07:40:15 +0000 Subject: [PATCH] For decoding of OIDs, do more sanity checks , so that we don't end up in a situation where an OID can be decoded but not encoded. --- src/ber_oid.c | 15 +++++++++++++-- 1 file changed, 13 insertions(+), 2 deletions(-) diff --git a/src/ber_oid.c b/src/ber_oid.c index 6a0541e..ed05298 100644 --- a/src/ber_oid.c +++ b/src/ber_oid.c @@ -2,7 +2,7 @@ * Copyright (C) 1995-2005, Index Data ApS * See the file LICENSE for details. * - * $Id: ber_oid.c,v 1.7 2005-06-25 15:46:03 adam Exp $ + * $Id: ber_oid.c,v 1.8 2006-04-17 07:40:15 adam Exp $ */ /** @@ -59,6 +59,12 @@ int ber_oidc(ODR o, Odr_oid *p, int max_oid_size) len--; } while (*(o->bp++) & 0X80); + + if (id < 0) + { + odr_seterror(o, ODATA, 23); + return 0; + } if (pos > 0) p[pos++] = id; else @@ -75,6 +81,11 @@ int ber_oidc(ODR o, Odr_oid *p, int max_oid_size) return 0; } } + if (pos < 2 || p[0] < 0 || p[1] < 0) + { + odr_seterror(o, ODATA, 23); + return 0; + } p[pos] = -1; return 1; case ODR_ENCODE: @@ -88,7 +99,7 @@ int ber_oidc(ODR o, Odr_oid *p, int max_oid_size) odr_seterror(o, ODATA, 23); return 0; } - for (pos = 1; p[pos] >= 0; pos++) + for (pos = 1; p[pos] != -1; pos++) { n = 0; if (pos == 1) -- 1.7.10.4