Commit dffba8f6 authored by Manuel Pégourié-Gonnard's avatar Manuel Pégourié-Gonnard

Fix bug in oid_get_numeric_string()

Overflow check was done too early, causing many false positives.
parent 444b4271
......@@ -33,6 +33,7 @@
#include "polarssl/rsa.h"
#include <stdio.h>
#include <limits.h>
/*
* Macro to generate an internal function for oid_XXX_from_asn1() (used by
......@@ -521,13 +522,13 @@ int oid_get_numeric_string( char *buf, size_t size,
SAFE_SNPRINTF();
}
/* Prevent overflow in value. */
if( oid->len > sizeof(value) )
return( POLARSSL_ERR_DEBUG_BUF_TOO_SMALL );
value = 0;
for( i = 1; i < oid->len; i++ )
{
/* Prevent overflow in value. */
if (value > (UINT_MAX >> 7) )
return( POLARSSL_ERR_DEBUG_BUF_TOO_SMALL );
value <<= 7;
value += oid->p[i] & 0x7F;
......
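Review bot: The new guard `if (value > (UINT_MAX >> 7) )` is a correct bound only if `value` is declared `unsigned int`; the declaration is outside the hunk, so that should be confirmed or made explicit. A width-independent form such as `if( ( ( value << 7 ) >> 7 ) != value )` would stay correct if the declaration ever changes, provided `value` is an unsigned type at least as wide as `int`. The OID bytes presumably come from parsed ASN.1 input, so a comment like `/* Reject sub-identifiers that do not fit in value */` would state the intent more clearly than "Prevent overflow in value", and the spacing should follow the file's `if( ... )` style. The enclosing function and the loop body both continue outside the hunk.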