Changeset View
Changeset View
Standalone View
Standalone View
crypto/objects/obj_dat.c
/* | /* | ||||
* Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved. | * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved. | ||||
* | * | ||||
* Licensed under the Apache License 2.0 (the "License"). You may not use | * Licensed under the Apache License 2.0 (the "License"). You may not use | ||||
* this file except in compliance with the License. You can obtain a copy | * this file except in compliance with the License. You can obtain a copy | ||||
Context not available. | |||||
first = 1; | first = 1; | ||||
bl = NULL; | bl = NULL; | ||||
/* | |||||
* RFC 2578 (STD 58) says this about OBJECT IDENTIFIERs: | |||||
* | |||||
* > 3.5. OBJECT IDENTIFIER values | |||||
* > | |||||
* > An OBJECT IDENTIFIER value is an ordered list of non-negative | |||||
* > numbers. For the SMIv2, each number in the list is referred to as a | |||||
* > sub-identifier, there are at most 128 sub-identifiers in a value, | |||||
* > and each sub-identifier has a maximum value of 2^32-1 (4294967295 | |||||
* > decimal). | |||||
* | |||||
* So a legitimate OID according to this RFC is at most (32 * 128 / 7), | |||||
* i.e. 586 bytes long. | |||||
* | |||||
* Ref: https://datatracker.ietf.org/doc/html/rfc2578#section-3.5 | |||||
*/ | |||||
if (len > 586) | |||||
goto err; | |||||
while (len > 0) { | while (len > 0) { | ||||
l = 0; | l = 0; | ||||
use_bn = 0; | use_bn = 0; | ||||
Context not available. |