Tolerate critical AKID in CRLs.
[oweals/openssl.git] / crypto / asn1 / a_object.c
index e5fbe7cbb1042bb80fb1399cb52a1d3ac4f8a55f..ca73a281f5579b224e1dfab15b7161bcc525c94a 100644 (file)
@@ -139,7 +139,7 @@ int a2d_ASN1_OBJECT(unsigned char *out, int olen, const char *buf, int num)
                                ASN1err(ASN1_F_A2D_ASN1_OBJECT,ASN1_R_INVALID_DIGIT);
                                goto err;
                                }
-                       if (!use_bn && l > (ULONG_MAX / 10L))
+                       if (!use_bn && l >= ((ULONG_MAX - 80) / 10L))
                                {
                                use_bn = 1;
                                if (!bl)
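Review bot: The new bound `(ULONG_MAX - 80) / 10L` in a2d_ASN1_OBJECT carries an unexplained constant. The 80 presumably reserves headroom for the first-arc contribution (an arc of at most 2, multiplied by 40) that is added to `l` after the digits are accumulated; that addition lies outside this hunk, so confirm it against the full function. A comment above the test would document the intent, for example `/* switch to BIGNUM early: l*10 + digit + first*40 (max 80) must not wrap */`. The change from `>` to `>=` makes the switch slightly more conservative than strictly needed, which is fine but also worth stating in that comment.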
@@ -248,7 +248,11 @@ int i2a_ASN1_OBJECT(BIO *bp, ASN1_OBJECT *a)
                i2t_ASN1_OBJECT(p,i + 1,a);
                }
        if (i <= 0)
-               return BIO_write(bp, "<INVALID>", 9);
+                {
+                i = BIO_write(bp, "<INVALID>", 9);
+                i += BIO_dump(bp, (const char *)a->data, a->length);
+                return i;
+                }
        BIO_write(bp,p,i);
        if (p != buf)
                OPENSSL_free(p);
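Review bot: The new `<INVALID>` branch in i2a_ASN1_OBJECT adds the results of BIO_write and BIO_dump without checking either. If the write fails (zero or negative) and the dump succeeds, the caller gets a positive but wrong count, and if the dump fails its error is folded into the count instead of being reported. Check the calls separately with a local `int n`: `if (i <= 0) return i;` after the BIO_write, then `n = BIO_dump(bp, (const char *)a->data, a->length); return n <= 0 ? n : i + n;`. The dump also writes all `a->length` bytes of an object that failed to decode, so consider capping the dumped length when the object comes from an untrusted certificate or CRL. The function begins and ends outside this hunk, so the NULL handling of `a->data` cannot be confirmed from here.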
@@ -293,7 +297,7 @@ ASN1_OBJECT *c2i_ASN1_OBJECT(ASN1_OBJECT **a, const unsigned char **pp,
        /* Sanity check OID encoding: can't have leading 0x80 in
         * subidentifiers, see: X.690 8.19.2
         */
-       for (i = 0, p = *pp + 1; i < len - 1; i++, p++)
+       for (i = 0, p = *pp; i < len; i++, p++)
                {
                if (*p == 0x80 && (!i || !(p[-1] & 0x80)))
                        {
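Review bot: The sanity loop in c2i_ASN1_OBJECT rejects a leading 0x80 in any sub-identifier, but nothing visible here rejects an encoding whose last byte still has the continuation bit set, or an empty encoding where `len` is 0 and the loop body never runs. Unless a check outside this hunk already covers it, add a guard before the loop such as `if (len <= 0 || ((*pp)[len - 1] & 0x80))` that takes the same error path as the 0x80 test. Because the loop now starts at `*pp`, the `!i ||` operand is the only thing keeping `p[-1]` from reading one byte before the buffer on the first iteration. A short comment such as `/* !i must be tested first: p[-1] is out of bounds when i == 0 */` would stop a later reordering from introducing an under-read. The function body continues outside the hunk.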