lib/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-07-29 11:41:15 +03:00
Code Activity

Limit OIDs to 128 components

Browse Source 
The longest OID known by oid-info.com is 34 components[1], so 128
should be plenty and will limit the potential for attacks.

[1] http://oid-info.com/get/1.3.6.1.4.1.1248.1.1.2.1.3.21.69.112.115.111.110.32.83.116.121.108.117.115.32.80.114.111.32.52.57.48.48

Signed-off-by: David Horstmann <david.horstmann@arm.com>
This commit is contained in:
David Horstmann
2023-04-26 11:50:14 +01:00
parent 861e5d2742
commit 9643575d92
3 changed files with 9 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
library/oid.c
View File

@ -963,7 +963,7 @@ int mbedtls_oid_from_numeric_string(mbedtls_asn1_buf *oid,
/* Allocate maximum possible required memory:
* There are (num_dots + 1) integer components, but the first 2 share the
* same subidentifier, so we only need num_dots subidentifiers maximum. */
if (num_dots == 0 || (num_dots > SIZE_MAX / sizeof(unsigned int))) {
if (num_dots == 0 || (num_dots > MBEDTLS_OID_MAX_COMPONENTS - 1)) {
return MBEDTLS_ERR_ASN1_INVALID_DATA;
}
size_t max_possible_bytes = num_dots * sizeof(unsigned int);