authorumlublin <pilne1407@gmail.com>2021-11-19 17:10:13 +0100
committerFilippo Valsorda <filippo@golang.org>2021-12-15 15:39:01 +0000
commite495a2d5b3d3be43468d0ebb413f46eeaedf7eb3 (patch)
tree302c8f6f29c7e7d035bdd44f0acadd0d5b706eed
parent4570a0811e8b3d7c89573c13d00777b1f8b01a54 (diff)
cryptobyte: fix parsing of large ASN.1 OIDs
Fixes golang/go#49678 Change-Id: If8a40e25edd810a66165ab78dd68d9b7fc2699f8 Reviewed-on: https://go-review.googlesource.com/c/crypto/+/365674 Reviewed-by: Filippo Valsorda <filippo@golang.org> Run-TryBot: Filippo Valsorda <filippo@golang.org> Trust: Alex Rakoczy <alex@golang.org> Trust: Bryan Mills <bcmills@google.com> TryBot-Result: Gopher Robot <gobot@golang.org>
-rw-r--r--cryptobyte/asn1.go7
-rw-r--r--cryptobyte/asn1_test.go3
2 files changed, 9 insertions, 1 deletions
diff --git a/cryptobyte/asn1.go b/cryptobyte/asn1.go
index 83c776d..3a1674a 100644
--- a/cryptobyte/asn1.go
+++ b/cryptobyte/asn1.go
@@ -407,7 +407,12 @@ func (s *String) ReadASN1Enum(out *int) bool {
func (s *String) readBase128Int(out *int) bool {
ret := 0
for i := 0; len(*s) > 0; i++ {
- if i == 4 {
+ if i == 5 {
+ return false
+ }
+ // Avoid overflowing int on a 32-bit platform.
+ // We don't want different behavior based on the architecture.
+ if ret >= 1<<(31-7) {
return false
}
ret <<= 7
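Review bot: A subidentifier padded with leading 0x80 octets keeps `ret` at zero, so the new `ret >= 1<<(31-7)` guard in readBase128Int never fires for it and only the `i == 5` cap limits it; as far as this hunk shows, such non-minimal encodings are still accepted. DER (X.690 section 8.19.2) requires the fewest possible octets, and accepting padded forms lets different byte strings decode to the same OID, which matters wherever OIDs are compared or re-encoded after parsing. The rest of the loop lies outside the hunk, so this assumes the octet is read and merged after `ret <<= 7`; if no such check exists there, consider `if i == 0 && b == 0x80 { return false }` right after the read (with `b` the octet just read), plus a rejecting test case with a leading 0x80 octet. The `i == 5` bound would also benefit from a short comment such as `// 5 base-128 octets carry up to 35 bits; the value check below caps the result at 31 bits.`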
diff --git a/cryptobyte/asn1_test.go b/cryptobyte/asn1_test.go
index 8b0dbdb..1187c71 100644
--- a/cryptobyte/asn1_test.go
+++ b/cryptobyte/asn1_test.go
@@ -247,6 +247,9 @@ func TestASN1ObjectIdentifier(t *testing.T) {
{[]byte{6, 4, 85, 0x02, 0xc0, 0x00}, true, []int{2, 5, 2, 0x2000}},
{[]byte{6, 3, 0x81, 0x34, 0x03}, true, []int{2, 100, 3}},
{[]byte{6, 7, 85, 0x02, 0xc0, 0x80, 0x80, 0x80, 0x80}, false, []int{}},
+ {[]byte{6, 7, 85, 0x02, 0x85, 0xc7, 0xcc, 0xfb, 0x01}, true, []int{2, 5, 2, 1492336001}},
+ {[]byte{6, 7, 0x55, 0x02, 0x87, 0xff, 0xff, 0xff, 0x7f}, true, []int{2, 5, 2, 2147483647}}, // 2**31-1
+ {[]byte{6, 7, 0x55, 0x02, 0x88, 0x80, 0x80, 0x80, 0x00}, false, []int{}}, // 2**31
}
for i, test := range testData {