From 9643575d92440b8efc91cb60b7f0270e23f5fae8 Mon Sep 17 00:00:00 2001 From: David Horstmann Date: Wed, 26 Apr 2023 11:50:14 +0100 Subject: [PATCH] Limit OIDs to 128 components The longest OID known by oid-info.com is 34 components[1], so 128 should be plenty and will limit the potential for attacks. [1] http://oid-info.com/get/1.3.6.1.4.1.1248.1.1.2.1.3.21.69.112.115.111.110.32.83.116.121.108.117.115.32.80.114.111.32.52.57.48.48 Signed-off-by: David Horstmann --- include/mbedtls/oid.h | 5 +++++ library/oid.c | 2 +- tests/suites/test_suite_oid.data | 3 +++ 3 files changed, 9 insertions(+), 1 deletion(-) diff --git a/include/mbedtls/oid.h b/include/mbedtls/oid.h index b2f5dd196b..1d73506dc4 100644 --- a/include/mbedtls/oid.h +++ b/include/mbedtls/oid.h @@ -63,6 +63,11 @@ #define MBEDTLS_OID_X509_EXT_FRESHEST_CRL (1 << 14) #define MBEDTLS_OID_X509_EXT_NS_CERT_TYPE (1 << 16) +/* + * Maximum number of OID components allowed + */ +#define MBEDTLS_OID_MAX_COMPONENTS 128 + /* * Top level OID tuples */ diff --git a/library/oid.c b/library/oid.c index 139a707c8e..8da4103803 100644 --- a/library/oid.c +++ b/library/oid.c @@ -963,7 +963,7 @@ int mbedtls_oid_from_numeric_string(mbedtls_asn1_buf *oid, /* Allocate maximum possible required memory: * There are (num_dots + 1) integer components, but the first 2 share the * same subidentifier, so we only need num_dots subidentifiers maximum. */ - if (num_dots == 0 || (num_dots > SIZE_MAX / sizeof(unsigned int))) { + if (num_dots == 0 || (num_dots > MBEDTLS_OID_MAX_COMPONENTS - 1)) { return MBEDTLS_ERR_ASN1_INVALID_DATA; } size_t max_possible_bytes = num_dots * sizeof(unsigned int); diff --git a/tests/suites/test_suite_oid.data b/tests/suites/test_suite_oid.data index d4a7dea21d..c5f13175b8 100644 --- a/tests/suites/test_suite_oid.data +++ b/tests/suites/test_suite_oid.data @@ -158,3 +158,6 @@ oid_from_numeric_string:"1.2/3.4":MBEDTLS_ERR_ASN1_INVALID_DATA:"" OID from numeric string - non-'.' separator between third and fourth oid_from_numeric_string:"1.2.3/4":MBEDTLS_ERR_ASN1_INVALID_DATA:"" + +OID from numeric string - OID greater than max length (129 components) +oid_from_numeric_string:"1.2.3.4.5.6.7.8.1.2.3.4.5.6.7.8.1.2.3.4.5.6.7.8.1.2.3.4.5.6.7.8.1.2.3.4.5.6.7.8.1.2.3.4.5.6.7.8.1.2.3.4.5.6.7.8.1.2.3.4.5.6.7.8.1.2.3.4.5.6.7.8.1.2.3.4.5.6.7.8.1.2.3.4.5.6.7.8.1.2.3.4.5.6.7.8.1.2.3.4.5.6.7.8.1.2.3.4.5.6.7.8.1.2.3.4.5.6.7.8.1.2.3.4.5.6.7.8.1":MBEDTLS_ERR_ASN1_INVALID_DATA:""