From: Alan T. DeKok <aland@freeradius.org>
Date: Mon, 17 Feb 2025 23:53:22 +0000 (-0500)
Subject: further limit OID encoding
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=66e4d930ac054edcfc6210c49d79386482cf10c4;p=thirdparty%2Ffreeradius-server.git

further limit OID encoding

due to rules of first 2 fields are (x*40) + y, if the first
component is 0 or 1, then the second component has to be 0..39

If the first component is 2, then the second component can be
anything.
---

diff --git a/src/protocols/der/encode.c b/src/protocols/der/encode.c
index 870b83e4665..4c2e5640cc5 100644
--- a/src/protocols/der/encode.c
+++ b/src/protocols/der/encode.c
@@ -499,7 +499,13 @@ static ssize_t fr_der_encode_oid_to_str(fr_dbuff_t *dbuff, const char *oid_str)
 		 *	The initial packed field has the first two compenents included, as (x * 40) + y.
 		 */
 		if (first) {
-			if (oid > (((unsigned long long) 1) << 60)) goto invalid_oid; /* avoid overflow */
+			if (first_component < 2) {
+				if (oid >= 40) goto invalid_oid;
+
+			} else {
+				if (oid > (((unsigned long long) 1) << 60)) goto invalid_oid; /* avoid overflow */
+			}
+
 			first = false;
 			oid += first_component * 40;
 		}