From 4a341e083011c5329dc327745cb671eef917cb0f Mon Sep 17 00:00:00 2001
From: JohnnySavages <drokov@rutoken.ru>
Date: Sun, 25 May 2025 08:52:53 -0400
Subject: [PATCH] Add params precondition in ASN1_STRING_TABLE_add,
 ASN1_STRING_TABLE_get

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27707)
---
 crypto/asn1/a_strnid.c | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/crypto/asn1/a_strnid.c b/crypto/asn1/a_strnid.c
index 6b2288f1ede..14b57ac5a9b 100644
--- a/crypto/asn1/a_strnid.c
+++ b/crypto/asn1/a_strnid.c
@@ -129,6 +129,11 @@ ASN1_STRING_TABLE *ASN1_STRING_TABLE_get(int nid)
     int idx;
     ASN1_STRING_TABLE fnd;
 
+    if (nid <= 0) {
+        ERR_raise(ERR_LIB_ASN1, ERR_R_PASSED_INVALID_ARGUMENT);
+        return NULL;
+    }
+
 #ifndef OPENSSL_NO_AUTOLOAD_CONFIG
     /* "stable" can be impacted by config, so load the config file first */
     OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CONFIG, NULL);
@@ -190,6 +195,11 @@ int ASN1_STRING_TABLE_add(int nid,
 {
     ASN1_STRING_TABLE *tmp;
 
+    if (nid <= 0 || (minsize >= 0 && maxsize >= 0 && minsize > maxsize)) {
+        ERR_raise(ERR_LIB_ASN1, ERR_R_PASSED_INVALID_ARGUMENT);
+        return 0;
+    }
+
     tmp = stable_get(nid);
     if (tmp == NULL) {
         ERR_raise(ERR_LIB_ASN1, ERR_R_ASN1_LIB);
-- 
2.47.2