From e497fb7edee04454e0f08fd1ed975fa6966341ac Mon Sep 17 00:00:00 2001 From: Adam Dickmeiss Date: Thu, 26 May 2005 21:46:40 +0000 Subject: [PATCH] Allow decoding of zero-length OIDs, but reject OIDs longer than OID_SIZE. --- src/ber_oid.c | 11 ++++++++--- src/odr_oid.c | 4 ++-- src/oid.c | 19 ++++++++++++------- 3 files changed, 22 insertions(+), 12 deletions(-) diff --git a/src/ber_oid.c b/src/ber_oid.c index 11da7c3..e1947d6 100644 --- a/src/ber_oid.c +++ b/src/ber_oid.c @@ -2,7 +2,7 @@ * Copyright (C) 1995-2005, Index Data ApS * See the file LICENSE for details. * - * $Id: ber_oid.c,v 1.5 2005-01-15 19:47:11 adam Exp $ + * $Id: ber_oid.c,v 1.6 2005-05-26 21:46:40 adam Exp $ */ /** @@ -18,7 +18,7 @@ #include "odr-priv.h" -int ber_oidc(ODR o, Odr_oid *p) +int ber_oidc(ODR o, Odr_oid *p, int max_oid_size) { int len, lenp, end; int pos, n, res, id; @@ -32,7 +32,7 @@ int ber_oidc(ODR o, Odr_oid *p) odr_seterror(o, OPROTO, 18); return 0; } - if (len <= 0) + if (len < 0) { odr_seterror(o, OPROTO, 19); return 0; @@ -69,6 +69,11 @@ int ber_oidc(ODR o, Odr_oid *p) p[1] = id - p[0] * 40; pos = 2; } + if (pos >= max_oid_size) + { + odr_seterror(o, OPROTO, 55); + return 0; + } } p[pos] = -1; return 1; diff --git a/src/odr_oid.c b/src/odr_oid.c index aaacbe5..5b579cc 100644 --- a/src/odr_oid.c +++ b/src/odr_oid.c @@ -2,7 +2,7 @@ * Copyright (C) 1995-2005, Index Data ApS * See the file LICENSE for details. * - * $Id: odr_oid.c,v 1.5 2005-01-15 19:47:14 adam Exp $ + * $Id: odr_oid.c,v 1.6 2005-05-26 21:46:40 adam Exp $ */ /** * \file odr_oid.c @@ -52,5 +52,5 @@ int odr_oid(ODR o, Odr_oid **p, int opt, const char *name) } if (o->direction == ODR_DECODE) *p = (int *)odr_malloc(o, OID_SIZE * sizeof(**p)); - return ber_oidc(o, *p); + return ber_oidc(o, *p, OID_SIZE); } diff --git a/src/oid.c b/src/oid.c index ac33b0e..8ae7508 100644 --- a/src/oid.c +++ b/src/oid.c @@ -2,7 +2,7 @@ * Copyright (C) 1995-2005, Index Data ApS * See the file LICENSE for details. * - * $Id: oid.c,v 1.7 2005-01-15 19:47:14 adam Exp $ + * $Id: oid.c,v 1.8 2005-05-26 21:46:41 adam Exp $ */ /** @@ -493,7 +493,6 @@ struct oident *oid_addent (int *oid, enum oid_proto proto, nmem_mutex_enter (oid_mutex); if (!oident) { - char desc_str[200]; struct oident_list *oident_list; oident_list = (struct oident_list *) nmem_malloc (oid_nmem, sizeof(*oident_list)); @@ -503,14 +502,20 @@ struct oident *oid_addent (int *oid, enum oid_proto proto, if (!desc) { + char desc_str[OID_SIZE*10]; int i; - sprintf (desc_str, "%d", *oid); - for (i = 1; i < 12 && oid[i] >= 0; i++) - sprintf (desc_str+strlen(desc_str), ".%d", oid[i]); - desc = desc_str; + *desc_str = '\0'; + if (*oid >= 0) + { + sprintf (desc_str, "%d", *oid); + for (i = 1; i < OID_SIZE && oid[i] >= 0; i++) + sprintf (desc_str+strlen(desc_str), ".%d", oid[i]); + } + oident->desc = nmem_strdup(oid_nmem, desc_str); } - oident->desc = nmem_strdup (oid_nmem, desc); + else + oident->desc = nmem_strdup(oid_nmem, desc); if (value == VAL_DYNAMIC) oident->value = (enum oid_value) (++oid_value_dynamic); else -- 1.7.10.4