From e495a2d5b3d3be43468d0ebb413f46eeaedf7eb3 Mon Sep 17 00:00:00 2001
From: umlublin
Date: Fri, 19 Nov 2021 17:10:13 +0100
Subject: cryptobyte: fix parsing of large ASN.1 OIDs

Fixes golang/go#49678

Change-Id: If8a40e25edd810a66165ab78dd68d9b7fc2699f8
Reviewed-on: https://go-review.googlesource.com/c/crypto/+/365674
Reviewed-by: Filippo Valsorda
Run-TryBot: Filippo Valsorda
Trust: Alex Rakoczy
Trust: Bryan Mills
TryBot-Result: Gopher Robot
---
 cryptobyte/asn1.go | 7 ++++++-
 cryptobyte/asn1_test.go | 3 +++
 2 files changed, 9 insertions(+), 1 deletion(-)

diff --git a/cryptobyte/asn1.go b/cryptobyte/asn1.go
index 83c776d..3a1674a 100644
--- a/cryptobyte/asn1.go
+++ b/cryptobyte/asn1.go
@@ -407,7 +407,12 @@ func (s *String) ReadASN1Enum(out *int) bool {
 func (s *String) readBase128Int(out *int) bool {
 ret := 0
 for i := 0; len(*s) > 0; i++ {
- if i == 4 {
+ if i == 5 {
+ return false
+ }
+ // Avoid overflowing int on a 32-bit platform.
+ // We don't want different behavior based on the architecture.
+ if ret >= 1<<(31-7) {
 return false
 }
 ret <<= 7
diff --git a/cryptobyte/asn1_test.go b/cryptobyte/asn1_test.go
index 8b0dbdb..1187c71 100644
--- a/cryptobyte/asn1_test.go
+++ b/cryptobyte/asn1_test.go
@@ -247,6 +247,9 @@ func TestASN1ObjectIdentifier(t *testing.T) {
 {[]byte{6, 4, 85, 0x02, 0xc0, 0x00}, true, []int{2, 5, 2, 0x2000}},
 {[]byte{6, 3, 0x81, 0x34, 0x03}, true, []int{2, 100, 3}},
 {[]byte{6, 7, 85, 0x02, 0xc0, 0x80, 0x80, 0x80, 0x80}, false, []int{}},
+ {[]byte{6, 7, 85, 0x02, 0x85, 0xc7, 0xcc, 0xfb, 0x01}, true, []int{2, 5, 2, 1492336001}},
+ {[]byte{6, 7, 0x55, 0x02, 0x87, 0xff, 0xff, 0xff, 0x7f}, true, []int{2, 5, 2, 2147483647}}, // 2**31-1
+ {[]byte{6, 7, 0x55, 0x02, 0x88, 0x80, 0x80, 0x80, 0x00}, false, []int{}}, // 2**31
 }

 for i, test := range testData {
--
cgit v1.3
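Review bot: Neither guard added in `readBase128Int` rejects a non-minimal sub-identifier: a first octet of 0x80 carries no value bits, and from the visible lines such padding is only refused once it pushes the encoding past the `i == 5` length cap. X.690 section 8.19.2 requires the fewest possible octets, and accepting padded forms lets two different byte strings decode to the same OID, which is a risk wherever OIDs are compared or matched against policy after parsing. I would refuse a first octet equal to 0x80 right after it is read, with a comment such as `// X.690 8.19.2: the leading octet of a subidentifier must not be 0x80.` The octet read and the rest of the loop are outside this hunk, so confirm that no such check already exists there.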
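Review bot: No vector visible in this hunk reaches the `i == 5` length cap in `readBase128Int`; the three added entries only pin the overflow guard at 2**31-1 and 2**31. Hitting the cap needs a sub-identifier whose first four octets stay below `1<<(31-7)` and whose fifth octet still has the continuation bit set. A constructed case such as `{[]byte{6, 8, 85, 0x02, 0x81, 0x80, 0x80, 0x80, 0x80, 0x00}, false, []int{}},` would cover that branch. The table starts above the hunk, so an earlier entry may already do this.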