• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1From 9e209944b35cf82368071f160a744b6178f9b098 Mon Sep 17 00:00:00 2001
2From: Richard Levitte <levitte@openssl.org>
3Date: Fri, 12 May 2023 10:00:13 +0200
4Subject: [PATCH] Restrict the size of OBJECT IDENTIFIERs that OBJ_obj2txt will
5 translate
6
7OBJ_obj2txt() would translate any size OBJECT IDENTIFIER to canonical
8numeric text form.  For gigantic sub-identifiers, this would take a very
9long time, the time complexity being O(n^2) where n is the size of that
10sub-identifier.
11
12To mitigate this, a restriction on the size that OBJ_obj2txt() will
13translate to canonical numeric text form is added, based on RFC 2578
14(STD 58), which says this:
15
16> 3.5. OBJECT IDENTIFIER values
17>
18> An OBJECT IDENTIFIER value is an ordered list of non-negative numbers.
19> For the SMIv2, each number in the list is referred to as a sub-identifier,
20> there are at most 128 sub-identifiers in a value, and each sub-identifier
21> has a maximum value of 2^32-1 (4294967295 decimal).
22
23Fixes otc/security#96
24Fixes CVE-2023-2650
25
26Reviewed-by: Matt Caswell <matt@openssl.org>
27Reviewed-by: Tomas Mraz <tomas@openssl.org>
28---
29 crypto/objects/obj_dat.c | 19 +++++++++++++++++++
30
31diff --git a/crypto/objects/obj_dat.c b/crypto/objects/obj_dat.c
32index 7e8de727f3..d699915b20 100644
33--- a/crypto/objects/obj_dat.c
34+++ b/crypto/objects/obj_dat.c
35@@ -428,6 +428,25 @@ int OBJ_obj2txt(char *buf, int buf_len, const ASN1_OBJECT *a, int no_name)
36     first = 1;
37     bl = NULL;
38
39+    /*
40+     * RFC 2578 (STD 58) says this about OBJECT IDENTIFIERs:
41+     *
42+     * > 3.5. OBJECT IDENTIFIER values
43+     * >
44+     * > An OBJECT IDENTIFIER value is an ordered list of non-negative
45+     * > numbers. For the SMIv2, each number in the list is referred to as a
46+     * > sub-identifier, there are at most 128 sub-identifiers in a value,
47+     * > and each sub-identifier has a maximum value of 2^32-1 (4294967295
48+     * > decimal).
49+     *
50+     * So a legitimate OID according to this RFC is at most (32 * 128 / 7),
51+     * i.e. 586 bytes long.
52+     *
53+     * Ref: https://datatracker.ietf.org/doc/html/rfc2578#section-3.5
54+     */
55+    if (len > 586)
56+        goto err;
57+
58     while (len > 0) {
59         l = 0;
60         use_bn = 0;
61--
622.34.1
63
64