Limit OIDs to 128 components
The longest OID known by oid-info.com is 34 components[1], so 128
should be plenty and will limit the potential for attacks.
[1] http://oid-info.com/get/1.3.6.1.4.1.1248.1.1.2.1.3.21.69.112.115.111.110.32.83.116.121.108.117.115.32.80.114.111.32.52.57.48.48
Signed-off-by: David Horstmann <david.horstmann@arm.com>
diff --git a/include/mbedtls/oid.h b/include/mbedtls/oid.h
index b2f5dd1..1d73506 100644
--- a/include/mbedtls/oid.h
+++ b/include/mbedtls/oid.h
@@ -64,6 +64,11 @@
#define MBEDTLS_OID_X509_EXT_NS_CERT_TYPE (1 << 16)
/*
+ * Maximum number of OID components allowed
+ */
+#define MBEDTLS_OID_MAX_COMPONENTS 128
+
+/*
* Top level OID tuples
*/
#define MBEDTLS_OID_ISO_MEMBER_BODIES "\x2a" /* {iso(1) member-body(2)} */
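Review bot: The comment added above `MBEDTLS_OID_MAX_COMPONENTS` does not say where the limit is enforced or what it protects, which a user of this public header cannot tell from the name alone. In this commit the only visible use is the numeric-string parsing check in library/oid.c; whether OIDs decoded from other inputs are bounded by it is not shown here. I would expand the comment to something like `* Maximum number of OID components accepted when parsing a dotted-decimal OID string; bounds memory use on untrusted input.`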
diff --git a/library/oid.c b/library/oid.c
index 139a707..8da4103 100644
--- a/library/oid.c
+++ b/library/oid.c
@@ -963,7 +963,7 @@
/* Allocate maximum possible required memory:
* There are (num_dots + 1) integer components, but the first 2 share the
* same subidentifier, so we only need num_dots subidentifiers maximum. */
- if (num_dots == 0 || (num_dots > SIZE_MAX / sizeof(unsigned int))) {
+ if (num_dots == 0 || (num_dots > MBEDTLS_OID_MAX_COMPONENTS - 1)) {
return MBEDTLS_ERR_ASN1_INVALID_DATA;
}
size_t max_possible_bytes = num_dots * sizeof(unsigned int);
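Review bot: The removed condition was the guard against overflow in `num_dots * sizeof(unsigned int)` on the last line of this hunk, and the new bound protects that multiplication only while MBEDTLS_OID_MAX_COMPONENTS stays small. Nothing on the new line records that dependency, so raising the macro later, or making it configurable, could reintroduce a wrapped size ahead of the allocation the comment describes. I would either keep both conditions, `if (num_dots == 0 || num_dots > MBEDTLS_OID_MAX_COMPONENTS - 1 || num_dots > SIZE_MAX / sizeof(unsigned int)) {`, or add to the comment above `* The component limit also keeps num_dots * sizeof(unsigned int) from overflowing.` The enclosing function starts and ends outside the hunk.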
diff --git a/tests/suites/test_suite_oid.data b/tests/suites/test_suite_oid.data
index d4a7dea..c5f1317 100644
--- a/tests/suites/test_suite_oid.data
+++ b/tests/suites/test_suite_oid.data
@@ -158,3 +158,6 @@
OID from numeric string - non-'.' separator between third and fourth
oid_from_numeric_string:"1.2.3/4":MBEDTLS_ERR_ASN1_INVALID_DATA:""
+
+OID from numeric string - OID greater than max length (129 components)
+oid_from_numeric_string:"1.2.3.4.5.6.7.8.1.2.3.4.5.6.7.8.1.2.3.4.5.6.7.8.1.2.3.4.5.6.7.8.1.2.3.4.5.6.7.8.1.2.3.4.5.6.7.8.1.2.3.4.5.6.7.8.1.2.3.4.5.6.7.8.1.2.3.4.5.6.7.8.1.2.3.4.5.6.7.8.1.2.3.4.5.6.7.8.1.2.3.4.5.6.7.8.1.2.3.4.5.6.7.8.1.2.3.4.5.6.7.8.1.2.3.4.5.6.7.8.1.2.3.4.5.6.7.8.1":MBEDTLS_ERR_ASN1_INVALID_DATA:""
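Review bot: Only the rejecting side of the limit is tested here: the new case has 129 components, but there is no case with exactly 128 that must be accepted. An off-by-one in `num_dots > MBEDTLS_OID_MAX_COMPONENTS - 1` that also rejected 128 components would still pass this suite. I would add a companion case titled `OID from numeric string - OID at max length (128 components)` that uses the same string without the trailing `.1` and expects success with the corresponding encoded bytes.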