Limit OIDs to 128 components The longest OID known by oid-info.com is 34 components[1], so 128 should be plenty and will limit the potential for attacks. [1] http://oid-info.com/get/1.3.6.1.4.1.1248.1.1.2.1.3.21.69.112.115.111.110.32.83.116.121.108.117.115.32.80.114.111.32.52.57.48.48 Signed-off-by: David Horstmann <david.horstmann@arm.com>

commit: 9643575d92440b8efc91cb60b7f0270e23f5fae8 [log] [tgz]
author: David Horstmann <david.horstmann@arm.com> Wed Apr 26 11:50:14 2023 +0100
committer: David Horstmann <david.horstmann@arm.com> Wed Apr 26 11:50:14 2023 +0100
tree: bc44742533f8e050cb7993f0a3008c00f3e70c47
parent: 861e5d2742ddcdd68ab89e8177aa85381eb12ff0 [diff] [blame]
diff --git a/library/oid.c b/library/oid.c
index 139a707..8da4103 100644
--- a/library/oid.c
+++ b/library/oid.c

@@ -963,7 +963,7 @@
     /* Allocate maximum possible required memory:
      * There are (num_dots + 1) integer components, but the first 2 share the
      * same subidentifier, so we only need num_dots subidentifiers maximum. */
-    if (num_dots == 0 || (num_dots > SIZE_MAX / sizeof(unsigned int))) {
+    if (num_dots == 0 || (num_dots > MBEDTLS_OID_MAX_COMPONENTS - 1)) {
         return MBEDTLS_ERR_ASN1_INVALID_DATA;
     }
     size_t max_possible_bytes = num_dots * sizeof(unsigned int);
commit	9643575d92440b8efc91cb60b7f0270e23f5fae8	[log] [tgz]
author	David Horstmann <david.horstmann@arm.com>	Wed Apr 26 11:50:14 2023 +0100
committer	David Horstmann <david.horstmann@arm.com>	Wed Apr 26 11:50:14 2023 +0100
tree	bc44742533f8e050cb7993f0a3008c00f3e70c47
parent	861e5d2742ddcdd68ab89e8177aa85381eb12ff0 [diff] [blame]