diff --git a/lib/vtls/x509asn1.c b/lib/vtls/x509asn1.c
index fd45285b49..4c3e7f9f52 100644
--- a/lib/vtls/x509asn1.c
+++ b/lib/vtls/x509asn1.c
@@ -417,33 +417,65 @@ static CURLcode utf8asn1str(struct dynbuf *to, int type, const char *from,
}
/*
- * Convert an ASN.1 OID into its dotted string representation.
+ * Convert an ASN.1 OID into its dotted string representation. Each field is
+ * limited to unsigned 32-bit values.
+ *
+ * A minor limitation is in the second number, which can be no larger than 32
+ * bits - 80 == 4294967215.
*
* Return error code.
+ *
+ * @unittest 1666
*/
-static CURLcode encodeOID(struct dynbuf *store,
- const char *beg, const char *end)
+UNITTEST CURLcode encodeOID(struct dynbuf *buf, const char *b, const char *e);
+UNITTEST CURLcode encodeOID(struct dynbuf *store,
+ const char *beg, const char *end)
{
- unsigned int x;
- unsigned int y;
+ uint32_t x;
+ uint32_t y;
CURLcode result = CURLE_OK;
- /* Process the first two numbers. */
- y = *(const unsigned char *)beg++;
- x = y / 40;
- y -= x * 40;
+ if(end <= beg)
+ return CURLE_BAD_FUNCTION_ARGUMENT;
- result = curlx_dyn_addf(store, "%u.%u", x, y);
+ /* Process the first two numbers. The initial digit cannot be larger than
+ 2 */
+ y = *(const unsigned char *)beg++;
+ if(y <= 80)
+ x = y / 40;
+ else
+ x = 2;
+ result = curlx_dyn_addf(store, "%u", x);
+ if(result)
+ return result;
+
+ if(y & 0x80) {
+ uint32_t t = (y & 0x7f); /* the second number */
+ if(!t)
+ /* reject leading 0x80 padding */
+ return CURLE_BAD_FUNCTION_ARGUMENT;
+ do {
+ if((t & 0xFE000000) || (beg >= end))
+ return CURLE_BAD_FUNCTION_ARGUMENT;
+ y = *(const unsigned char *)beg++;
+ t = (t << 7) | (y & 0x7F);
+ } while(y & 0x80);
+ y = t;
+ }
+
+ result = curlx_dyn_addf(store, ".%u", y - (x * 40));
if(result)
return result;
/* Process the trailing numbers. */
- while(beg < end) {
+ while((beg < end) && !result) {
x = 0;
+ y = 0;
do {
- if(x & 0xFF000000)
+ /* 0x80 as the first value is invalid since it only adds padding */
+ if((y & 0x80) && !x)
return CURLE_BAD_FUNCTION_ARGUMENT;
- else if(beg == end)
+ else if((x & 0xFE000000) || (beg == end))
return CURLE_BAD_FUNCTION_ARGUMENT;
y = *(const unsigned char *)beg++;
x = (x << 7) | (y & 0x7F);
@@ -460,26 +492,22 @@ static CURLcode encodeOID(struct dynbuf *store,
*/
static CURLcode OID2str(struct dynbuf *store,
- const char *beg, const char *end, bool symbolic)
+ const char *beg, const char *end)
{
CURLcode result = CURLE_OK;
if(beg < end) {
- if(symbolic) {
- struct dynbuf buf;
- curlx_dyn_init(&buf, CURL_X509_STR_MAX);
- result = encodeOID(&buf, beg, end);
+ struct dynbuf buf;
+ curlx_dyn_init(&buf, CURL_X509_STR_MAX);
+ result = encodeOID(&buf, beg, end);
- if(!result) {
- const struct Curl_OID *op = searchOID(curlx_dyn_ptr(&buf));
- if(op)
- result = curlx_dyn_add(store, op->textoid);
- else
- result = curlx_dyn_add(store, curlx_dyn_ptr(&buf));
- }
- curlx_dyn_free(&buf);
+ if(!result) {
+ const struct Curl_OID *op = searchOID(curlx_dyn_ptr(&buf));
+ if(op)
+ result = curlx_dyn_add(store, op->textoid);
+ else
+ result = curlx_dyn_add(store, curlx_dyn_ptr(&buf));
}
- else
- result = encodeOID(store, beg, end);
+ curlx_dyn_free(&buf);
}
return result;
}
@@ -647,7 +675,7 @@ static CURLcode ASN1tostr(struct dynbuf *store,
result = curlx_dyn_addn(store, "", 1);
break;
case CURL_ASN1_OBJECT_IDENTIFIER:
- result = OID2str(store, elem->beg, elem->end, TRUE);
+ result = OID2str(store, elem->beg, elem->end);
break;
case CURL_ASN1_UTC_TIME:
result = UTime2str(store, elem->beg, elem->end);
@@ -905,7 +933,7 @@ static CURLcode dumpAlgo(struct dynbuf *store,
if(!p)
return CURLE_BAD_FUNCTION_ARGUMENT;
}
- return OID2str(store, oid.beg, oid.end, TRUE);
+ return OID2str(store, oid.beg, oid.end);
}
/*
diff --git a/tests/data/Makefile.am b/tests/data/Makefile.am
index 08550da33b..67c7b123c9 100644
--- a/tests/data/Makefile.am
+++ b/tests/data/Makefile.am
@@ -222,6 +222,7 @@ test1640 test1641 test1642 test1643 \
\
test1650 test1651 test1652 test1653 test1654 test1655 test1656 test1657 \
test1658 test1659 test1660 test1661 test1662 test1663 test1664 test1665 \
+test1666 \
\
test1670 test1671 \
\
diff --git a/tests/data/test1666 b/tests/data/test1666
new file mode 100644
index 0000000000..e9c57860c5
--- /dev/null
+++ b/tests/data/test1666
@@ -0,0 +1,20 @@
+
+
+
+
+unittest
+encodeOID
+x509asn1
+
+
+
+# Client-side
+
+
+unittest
+
+
+encodeOID unit tests
+
+
+
diff --git a/tests/unit/Makefile.inc b/tests/unit/Makefile.inc
index e4243a9bfd..c03658261c 100644
--- a/tests/unit/Makefile.inc
+++ b/tests/unit/Makefile.inc
@@ -41,6 +41,7 @@ TESTS_C = \
unit1636.c \
unit1650.c unit1651.c unit1652.c unit1653.c unit1654.c unit1655.c unit1656.c \
unit1657.c unit1658.c unit1660.c unit1661.c unit1663.c unit1664.c \
+ unit1666.c \
unit1979.c unit1980.c \
unit2600.c unit2601.c unit2602.c unit2603.c unit2604.c unit2605.c \
unit3200.c unit3205.c \
diff --git a/tests/unit/unit1666.c b/tests/unit/unit1666.c
new file mode 100644
index 0000000000..ae24a2cebf
--- /dev/null
+++ b/tests/unit/unit1666.c
@@ -0,0 +1,205 @@
+/***************************************************************************
+ * _ _ ____ _
+ * Project ___| | | | _ \| |
+ * / __| | | | |_) | |
+ * | (__| |_| | _ <| |___
+ * \___|\___/|_| \_\_____|
+ *
+ * Copyright (C) Daniel Stenberg, , et al.
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+ * are also available at https://curl.se/docs/copyright.html.
+ *
+ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+ * copies of the Software, and permit persons to whom the Software is
+ * furnished to do so, under the terms of the COPYING file.
+ *
+ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+ * KIND, either express or implied.
+ *
+ * SPDX-License-Identifier: curl
+ *
+ ***************************************************************************/
+#include "unitcheck.h"
+
+#if defined(USE_GNUTLS) || defined(USE_SCHANNEL) || defined(USE_MBEDTLS) || \
+ defined(USE_RUSTLS)
+
+#include "vtls/x509asn1.h"
+#include "vtls/vtls.h"
+
+struct test_1666 {
+ const char *oid;
+ const size_t size;
+ const char *dotted;
+ CURLcode result_exp;
+};
+
+/* the size of the object needs to deduct the null terminator */
+#define OID(x) x, sizeof(x) - 1
+
+static bool test1666(const struct test_1666 *spec, size_t i,
+ struct dynbuf *dbuf)
+{
+ CURLcode result;
+ const char *oid = spec->oid;
+ bool ok = TRUE;
+
+ curlx_dyn_reset(dbuf);
+ result = encodeOID(dbuf, oid, oid + spec->size);
+ if(result != spec->result_exp) {
+ curl_mfprintf(stderr, "test %zu: expect result %d, got %d\n",
+ i, spec->result_exp, result);
+ if(!spec->result_exp) {
+ curl_mfprintf(stderr, "test %zu: expected output '%s'\n",
+ i, spec->dotted);
+ }
+ ok = FALSE;
+ }
+ else if(!result && strcmp(spec->dotted, curlx_dyn_ptr(dbuf))) {
+ curl_mfprintf(stderr,
+ "test %zu: expected output '%s', got '%s'\n",
+ i, spec->dotted, curlx_dyn_ptr(dbuf));
+ ok = FALSE;
+ }
+
+ return ok;
+}
+
+static CURLcode test_unit1666(const char *arg)
+{
+ UNITTEST_BEGIN_SIMPLE
+
+ static const struct test_1666 test_specs[] = {
+ { "", 0, "", CURLE_BAD_FUNCTION_ARGUMENT },
+ { "\x81", 0, "", CURLE_BAD_FUNCTION_ARGUMENT },
+ { OID("\x8F\xFF\xFF\xFF\x7F"), "2.4294967215", CURLE_OK },
+ { OID("\x90\x80\x80\x80\x00"), "", CURLE_BAD_FUNCTION_ARGUMENT },
+ { OID("\x88\x80\x80\x80\x4F"), "2.2147483647", CURLE_OK },
+ { OID("\x88\x80\x80\x80\x50"), "2.2147483648", CURLE_OK },
+ { OID("\x88\x80\x80\x80\x51"), "2.2147483649", CURLE_OK },
+ { OID("\x88\x80\x80\x80\x52"), "2.2147483650", CURLE_OK },
+ { OID("\x8F\xFF\xFF\xFF\x7F\x8F\xFF\xFF\xFF\x7F"),
+ "2.4294967215.4294967295", CURLE_OK },
+ { OID("\xB7\x28\x02"), "2.7000.2", CURLE_OK },
+ { OID("\x81\x00"), "2.48", CURLE_OK },
+ { OID("\x81\x00\x01"), "2.48.1", CURLE_OK },
+ { OID("\x81\x00\x02"), "2.48.2", CURLE_OK },
+ { OID("\xC0\x80\x81\x1F"), "2.134217807", CURLE_OK },
+ { OID("\x2b\x06\x01\x04\x01\x82\x37\x15\x14"), "1.3.6.1.4.1.311.21.20",
+ CURLE_OK },
+ { OID("\x2b\x06\x01\x04\x01\x82\x37\x15"), "1.3.6.1.4.1.311.21",
+ CURLE_OK },
+ { OID("\x2b\x06\x01\x04\x01\x82\x37"), "1.3.6.1.4.1.311", CURLE_OK },
+ { OID("\x2b\x06\x01\x04\x01"), "1.3.6.1.4.1", CURLE_OK },
+ { OID("\x2b\x06\x01\x04"), "1.3.6.1.4", CURLE_OK },
+ { OID("\x2b\x06\x01"), "1.3.6.1", CURLE_OK },
+ { OID("\x2b\x06"), "1.3.6", CURLE_OK },
+ { OID("\x2b"), "1.3", CURLE_OK },
+ { OID("\x2c"), "1.4", CURLE_OK },
+ { OID("\x2d"), "1.5", CURLE_OK },
+ { OID("\x2e"), "1.6", CURLE_OK },
+ { OID("\x2f"), "1.7", CURLE_OK },
+ { OID("\x30"), "1.8", CURLE_OK },
+ { OID("\x31"), "1.9", CURLE_OK },
+ { OID("\x32"), "1.10", CURLE_OK },
+ { OID("\x50"), "2.0", CURLE_OK },
+ { OID("\x7f"), "2.47", CURLE_OK },
+ { OID("\xff\x7f"), "2.16303", CURLE_OK },
+ { OID("\xff"), "", CURLE_BAD_FUNCTION_ARGUMENT },
+ { OID("\xff\x80\x01"), "2.2080689", CURLE_OK },
+ { OID("\xff\x80\x80\x01"), "2.266338225", CURLE_OK },
+ { OID("\x80\x80\x80\x80\x01"), "", CURLE_BAD_FUNCTION_ARGUMENT },
+ { OID("\x80\x80\x80\x80\x80\x01"), "", CURLE_BAD_FUNCTION_ARGUMENT },
+ { OID("\x80\x80\x80\x80\x80\x80\x01"), "", CURLE_BAD_FUNCTION_ARGUMENT },
+ { OID("\x80\xff\x7f"), "", CURLE_BAD_FUNCTION_ARGUMENT },
+ { OID("\x80\xff\xff\xff\x7f"), "", CURLE_BAD_FUNCTION_ARGUMENT },
+ { OID("\x2b\xff\xff\xff\xff\x7f"), "", CURLE_BAD_FUNCTION_ARGUMENT },
+ { OID("\x80\x80"), "", CURLE_BAD_FUNCTION_ARGUMENT },
+ { OID("\x80\x80\x80"), "", CURLE_BAD_FUNCTION_ARGUMENT },
+ { OID("\x80\x80\x80\x80"), "", CURLE_BAD_FUNCTION_ARGUMENT },
+ { OID("\x80\x80\x80\x80\x80"), "", CURLE_BAD_FUNCTION_ARGUMENT },
+ { OID("\x80\x80\x80\x80\x80\x80"), "", CURLE_BAD_FUNCTION_ARGUMENT },
+ { OID("\x2b\x06\x01\x04\x01\xee"), "", CURLE_BAD_FUNCTION_ARGUMENT },
+ { OID("\x00"), "0.0", CURLE_OK },
+ { OID("\x01"), "0.1", CURLE_OK },
+ { OID("\x02"), "0.2", CURLE_OK },
+ { OID("\x03"), "0.3", CURLE_OK },
+ { OID("\x04"), "0.4", CURLE_OK },
+ { OID("\x05"), "0.5", CURLE_OK },
+ { OID("\x2b\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01"
+ "\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01"
+ "\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01"),
+ "1.3.1.1.1.1.1.1.1.1.1.1.1.1.1.1.1.1.1.1.1.1.1.1.1.1.1.1.1.1.1.1.1.1.1"
+ ".1.1.1.1.1.1.1.1", CURLE_OK },
+ { OID("\x2b\x64\x64\x64\x64\x64\x64\x64\x64\x64\x64\x64\x64\x64\x64\x64"
+ "\x64\x64\x64\x64\x64\x64\x64\x64\x64\x7f"),
+ "", CURLE_TOO_LARGE },
+ { OID("\x2b\x64\x64\x64\x64\x64\x64\x64\x64\x64\x64\x64\x64\x64\x64\x64"
+ "\x64\x64\x64\x64\x64\x64\x64\x64\x64\x63"),
+ "", CURLE_TOO_LARGE },
+ { OID("\x2b\x64\x64\x64\x64\x64\x64\x64\x64\x64\x64\x64\x64\x64\x64\x64"
+ "\x64\x64\x64\x64\x64\x64\x64\x64\x64\x09"),
+ "", CURLE_TOO_LARGE },
+ { OID("\x2b\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01"
+ "\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01"
+ "\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01"
+ "\x01\x01\x01\x01\x01\x01\x01\x01"),
+ "", CURLE_TOO_LARGE },
+ /* one byte shorter than the previous is just below the limit: */
+ { OID("\x2b\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01"
+ "\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01"
+ "\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01"
+ "\x01\x01\x01\x01\x01\x01\x01"),
+ "1.3.1.1.1.1.1.1.1.1.1.1.1.1.1.1.1.1.1.1.1.1.1.1.1.1.1.1.1.1.1.1.1.1.1"
+ ".1.1.1.1.1.1.1.1.1.1.1.1.1.1.1", CURLE_OK },
+ { OID("\x78"), "2.40", CURLE_OK },
+ { OID("\x81\x34"), "2.100", CURLE_OK },
+ { OID("\x2b\x00\x01"), "1.3.0.1", CURLE_OK },
+ { OID("\x2b\x06\x01\x00"), "1.3.6.1.0", CURLE_OK },
+ { OID("\x2b\x8f\xff\xff\xff\x7f"), "1.3.4294967295", CURLE_OK },
+ { OID("\x2b\x81\x00"), "1.3.128", CURLE_OK },
+ { OID("\x2b\x80\x05"), "", CURLE_BAD_FUNCTION_ARGUMENT },
+ { OID("\x2b\x80\x80\x01"), "", CURLE_BAD_FUNCTION_ARGUMENT },
+ { OID("\x2b\x06\x81"), "", CURLE_BAD_FUNCTION_ARGUMENT },
+ };
+
+ size_t i;
+ struct dynbuf dbuf;
+ bool all_ok = TRUE;
+
+ /* the real code uses CURL_X509_STR_MAX for maximum size, but we set a
+ smaller one here so that we can test running into the limit a little
+ easier */
+ curlx_dyn_init(&dbuf, 100);
+
+ if(curl_global_init(CURL_GLOBAL_ALL) != CURLE_OK) {
+ curl_mfprintf(stderr, "curl_global_init() failed\n");
+ return TEST_ERR_MAJOR_BAD;
+ }
+
+ for(i = 0; i < CURL_ARRAYSIZE(test_specs); ++i) {
+ if(!test1666(&test_specs[i], i, &dbuf))
+ all_ok = FALSE;
+ }
+ fail_unless(all_ok, "some tests of encodeOID() failed");
+
+ curlx_dyn_free(&dbuf);
+ curl_global_cleanup();
+
+ UNITTEST_END_SIMPLE
+}
+
+#undef OID
+
+#else
+
+static CURLcode test_unit1666(const char *arg)
+{
+ UNITTEST_BEGIN_SIMPLE
+ puts("not tested since encodeOID() is not built in");
+ UNITTEST_END_SIMPLE
+}
+
+#endif