Fix bug in oid_get_numeric_string()
Overflow check was done too early, causing many false positives.
diff --git a/library/oid.c b/library/oid.c
index 5cd9a59..2de7806 100644
--- a/library/oid.c
+++ b/library/oid.c
@@ -33,6 +33,7 @@
#include "polarssl/rsa.h"
#include <stdio.h>
+#include <limits.h>
/*
* Macro to generate an internal function for oid_XXX_from_asn1() (used by
@@ -521,13 +522,13 @@
SAFE_SNPRINTF();
}
- /* Prevent overflow in value. */
- if( oid->len > sizeof(value) )
- return( POLARSSL_ERR_DEBUG_BUF_TOO_SMALL );
-
value = 0;
for( i = 1; i < oid->len; i++ )
{
+ /* Prevent overflow in value. */
+ if (value > (UINT_MAX >> 7) )
+ return( POLARSSL_ERR_DEBUG_BUF_TOO_SMALL );
+
value <<= 7;
value += oid->p[i] & 0x7F;
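Review bot: The new guard `if (value > (UINT_MAX >> 7) )` is only right while `value` is an `unsigned int`, and its declaration is outside this hunk, so the bound and the type can drift apart unnoticed. Since the OID bytes normally come from parsed, untrusted input, the reasoning should be stated at the check, for example `/* value <= UINT_MAX >> 7, so the shift keeps all bits and adding a 7-bit group cannot carry */`. The spacing also departs from the surrounding `if( ... )` style; `if( value > ( UINT_MAX >> 7 ) )` would match it. Separately, `POLARSSL_ERR_DEBUG_BUF_TOO_SMALL` here reports an over-large sub-identifier as an undersized output buffer, which callers presumably cannot tell apart from real truncation. The loop body continues past the end of the hunk.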