From: Daniel Stenberg <daniel@haxx.se>
Date: Fri, 17 May 2024 10:05:24 +0000 (+0200)
Subject: x509asn1: return error on missing OID
X-Git-Tag: curl-8_8_0~22
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=13ca4386ba4b0f9721b6f482dfd2a858c38320a9;p=thirdparty%2Fcurl.git

x509asn1: return error on missing OID

to avoid crash when dereferencing a NULL pointer.

Reported-by: Trzik on github
Patch-by: Trzik on github
Fixes #13684
Closes #13685
---

diff --git a/lib/vtls/x509asn1.c b/lib/vtls/x509asn1.c
index da079361d2..4564ea958a 100644
--- a/lib/vtls/x509asn1.c
+++ b/lib/vtls/x509asn1.c
@@ -160,6 +160,7 @@ static const struct Curl_OID OIDtable[] = {
   { "2.16.840.1.101.3.4.2.1",   "sha256" },
   { "2.16.840.1.101.3.4.2.2",   "sha384" },
   { "2.16.840.1.101.3.4.2.3",   "sha512" },
+  { "1.2.840.113549.1.9.2",     "unstructuredName" },
   { (const char *) NULL,        (const char *) NULL }
 };
 
@@ -467,6 +468,8 @@ static CURLcode OID2str(struct dynbuf *store,
         const struct Curl_OID *op = searchOID(Curl_dyn_ptr(&buf));
         if(op)
           result = Curl_dyn_add(store, op->textoid);
+        else
+          result = CURLE_BAD_FUNCTION_ARGUMENT;
         Curl_dyn_free(&buf);
       }
     }