From: JohnnySavages <drokov@rutoken.ru>
Date: Sun, 25 May 2025 12:52:53 +0000 (-0400)
Subject: Add params precondition in ASN1_STRING_TABLE_add, ASN1_STRING_TABLE_get
X-Git-Tag: openssl-3.6.0-alpha1~564
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=4a341e083011c5329dc327745cb671eef917cb0f;p=thirdparty%2Fopenssl.git

Add params precondition in ASN1_STRING_TABLE_add, ASN1_STRING_TABLE_get

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27707)
---

diff --git a/crypto/asn1/a_strnid.c b/crypto/asn1/a_strnid.c
index 6b2288f1ede..14b57ac5a9b 100644
--- a/crypto/asn1/a_strnid.c
+++ b/crypto/asn1/a_strnid.c
@@ -129,6 +129,11 @@ ASN1_STRING_TABLE *ASN1_STRING_TABLE_get(int nid)
     int idx;
     ASN1_STRING_TABLE fnd;
 
+    if (nid <= 0) {
+        ERR_raise(ERR_LIB_ASN1, ERR_R_PASSED_INVALID_ARGUMENT);
+        return NULL;
+    }
+
 #ifndef OPENSSL_NO_AUTOLOAD_CONFIG
     /* "stable" can be impacted by config, so load the config file first */
     OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CONFIG, NULL);
@@ -190,6 +195,11 @@ int ASN1_STRING_TABLE_add(int nid,
 {
     ASN1_STRING_TABLE *tmp;
 
+    if (nid <= 0 || (minsize >= 0 && maxsize >= 0 && minsize > maxsize)) {
+        ERR_raise(ERR_LIB_ASN1, ERR_R_PASSED_INVALID_ARGUMENT);
+        return 0;
+    }
+
     tmp = stable_get(nid);
     if (tmp == NULL) {
         ERR_raise(ERR_LIB_ASN1, ERR_R_ASN1_LIB);