Skip to content

Commit cbdedf8

Browse files
authored
Avoid panic for overlong OIDs (#2598)
Clamp to maximum buffer size and indicate the truncation with trailing dots.
1 parent 1fc51ef commit cbdedf8

1 file changed

Lines changed: 24 additions & 2 deletions

File tree

openssl/src/asn1.rs

Lines changed: 24 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -723,15 +723,30 @@ impl fmt::Display for Asn1ObjectRef {
723723
fn fmt(&self, fmt: &mut fmt::Formatter<'_>) -> fmt::Result {
724724
unsafe {
725725
let mut buf = [0; 80];
726-
let len = ffi::OBJ_obj2txt(
726+
let mut clamped = false;
727+
let mut len = ffi::OBJ_obj2txt(
727728
buf.as_mut_ptr() as *mut _,
728729
buf.len() as c_int,
729730
self.as_ptr(),
730731
0,
731732
);
733+
if len <= 0 {
734+
return fmt.write_str("OBJ_obj2txt error");
735+
}
736+
if len > buf.len() as i32 {
737+
// omit trailing NUL
738+
len = (buf.len() - 1) as i32;
739+
clamped = true;
740+
}
732741
match str::from_utf8(&buf[..len as usize]) {
733742
Err(_) => fmt.write_str("error"),
734-
Ok(s) => fmt.write_str(s),
743+
Ok(s) => {
744+
if clamped {
745+
fmt.write_str(&(s.to_owned() + "..."))
746+
} else {
747+
fmt.write_str(s)
748+
}
749+
}
735750
}
736751
}
737752
}
@@ -893,6 +908,13 @@ mod tests {
893908
.expect_err("parsing invalid OID should fail");
894909
}
895910

911+
#[test]
912+
fn very_long_object() {
913+
let fifty_ones = "1.".repeat(49) + "1";
914+
let object = Asn1Object::from_str(&fifty_ones).unwrap();
915+
assert_eq!(object.as_ref().to_string(), "1.".repeat(40) + "..");
916+
}
917+
896918
#[test]
897919
#[cfg(ossl111)]
898920
fn object_to_slice() {

0 commit comments

Comments
 (0)