diff options
| author | Kamen Mazdrashki <kamenim@samba.org> | 2010-10-20 13:45:59 +0300 |
|---|---|---|
| committer | Kamen Mazdrashki <kamenim@samba.org> | 2010-10-22 01:48:58 +0300 |
| commit | 6b63ad6ff1bfcb7fcfb3e0f3cd4636ff222ab88f (patch) | |
| tree | 3c6b59829ae4814795d1ac2ec14159b4755ca909 /lib | |
| parent | c74ef7acf49f5e447373643c2e28c1dad56f451d (diff) | |
| download | samba-6b63ad6ff1bfcb7fcfb3e0f3cd4636ff222ab88f.tar.gz samba-6b63ad6ff1bfcb7fcfb3e0f3cd4636ff222ab88f.tar.xz samba-6b63ad6ff1bfcb7fcfb3e0f3cd4636ff222ab88f.zip | |
asn1: ber_write_OID_String() to be more picky about supplied OID
Now function will check for invalid OID handling cases where:
- sub-identifier has invalid characters (non-digit)
- 'dot' separator found on unexpected place. For instance
'.' at start or end of the OID. Two '.' in a row.
Diffstat (limited to 'lib')
| -rw-r--r-- | lib/util/asn1.c | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/lib/util/asn1.c b/lib/util/asn1.c index 2a71f2f79d..21d4bd4308 100644 --- a/lib/util/asn1.c +++ b/lib/util/asn1.c @@ -221,10 +221,12 @@ bool ber_write_OID_String(TALLOC_CTX *mem_ctx, DATA_BLOB *blob, const char *OID) char *newp; int i; + if (!isdigit(*p)) return false; v = strtoul(p, &newp, 10); if (newp[0] != '.') return false; p = newp + 1; + if (!isdigit(*p)) return false; v2 = strtoul(p, &newp, 10); if (newp[0] != '.') return false; p = newp + 1; @@ -237,9 +239,12 @@ bool ber_write_OID_String(TALLOC_CTX *mem_ctx, DATA_BLOB *blob, const char *OID) i = 1; while (*p) { + if (!isdigit(*p)) return false; v = strtoul(p, &newp, 10); if (newp[0] == '.') { p = newp + 1; + /* check for empty last component */ + if (!*p) return false; } else if (newp[0] == '\0') { p = newp; } else { |