summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorKamen Mazdrashki <kamenim@samba.org>2010-10-20 13:45:59 +0300
committerKamen Mazdrashki <kamenim@samba.org>2010-10-22 01:48:58 +0300
commit6b63ad6ff1bfcb7fcfb3e0f3cd4636ff222ab88f (patch)
tree3c6b59829ae4814795d1ac2ec14159b4755ca909
parentc74ef7acf49f5e447373643c2e28c1dad56f451d (diff)
downloadsamba-6b63ad6ff1bfcb7fcfb3e0f3cd4636ff222ab88f.tar.gz
samba-6b63ad6ff1bfcb7fcfb3e0f3cd4636ff222ab88f.tar.xz
samba-6b63ad6ff1bfcb7fcfb3e0f3cd4636ff222ab88f.zip
asn1: ber_write_OID_String() to be more picky about supplied OID
Now function will check for invalid OID handling cases where: - sub-identifier has invalid characters (non-digit) - 'dot' separator found on unexpected place. For instance '.' at start or end of the OID. Two '.' in a row.
-rw-r--r--lib/util/asn1.c5
1 files changed, 5 insertions, 0 deletions
diff --git a/lib/util/asn1.c b/lib/util/asn1.c
index 2a71f2f79de..21d4bd43088 100644
--- a/lib/util/asn1.c
+++ b/lib/util/asn1.c
@@ -221,10 +221,12 @@ bool ber_write_OID_String(TALLOC_CTX *mem_ctx, DATA_BLOB *blob, const char *OID)
char *newp;
int i;
+ if (!isdigit(*p)) return false;
v = strtoul(p, &newp, 10);
if (newp[0] != '.') return false;
p = newp + 1;
+ if (!isdigit(*p)) return false;
v2 = strtoul(p, &newp, 10);
if (newp[0] != '.') return false;
p = newp + 1;
@@ -237,9 +239,12 @@ bool ber_write_OID_String(TALLOC_CTX *mem_ctx, DATA_BLOB *blob, const char *OID)
i = 1;
while (*p) {
+ if (!isdigit(*p)) return false;
v = strtoul(p, &newp, 10);
if (newp[0] == '.') {
p = newp + 1;
+ /* check for empty last component */
+ if (!*p) return false;
} else if (newp[0] == '\0') {
p = newp;
} else {