From 6b63ad6ff1bfcb7fcfb3e0f3cd4636ff222ab88f Mon Sep 17 00:00:00 2001
From: Kamen Mazdrashki <kamenim@samba.org>
Date: Wed, 20 Oct 2010 13:45:59 +0300
Subject: asn1: ber_write_OID_String() to be more picky about supplied OID

Now function will check for invalid OID handling cases where:
 - sub-identifier has invalid characters (non-digit)
 - 'dot' separator found on unexpected place. For instance
    '.' at start or end of the OID. Two '.' in a row.
---
 lib/util/asn1.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/lib/util/asn1.c b/lib/util/asn1.c
index 2a71f2f79d..21d4bd4308 100644
--- a/lib/util/asn1.c
+++ b/lib/util/asn1.c
@@ -221,10 +221,12 @@ bool ber_write_OID_String(TALLOC_CTX *mem_ctx, DATA_BLOB *blob, const char *OID)
 	char *newp;
 	int i;
 
+	if (!isdigit(*p)) return false;
 	v = strtoul(p, &newp, 10);
 	if (newp[0] != '.') return false;
 	p = newp + 1;
 
+	if (!isdigit(*p)) return false;
 	v2 = strtoul(p, &newp, 10);
 	if (newp[0] != '.') return false;
 	p = newp + 1;
@@ -237,9 +239,12 @@ bool ber_write_OID_String(TALLOC_CTX *mem_ctx, DATA_BLOB *blob, const char *OID)
 
 	i = 1;
 	while (*p) {
+		if (!isdigit(*p)) return false;
 		v = strtoul(p, &newp, 10);
 		if (newp[0] == '.') {
 			p = newp + 1;
+			/* check for empty last component */
+			if (!*p) return false;
 		} else if (newp[0] == '\0') {
 			p = newp;
 		} else {
-- 
cgit