From f3f8e72f494b36d05e0d04fe418f92b692fbb261 Mon Sep 17 00:00:00 2001 From: Matt Caswell Date: Thu, 22 Mar 2018 14:33:05 +0000 Subject: [PATCH] Don't write out a bad OID If we don't have OID data for an object then we should fail if we are asked to encode the ASN.1 for that OID. Fixes #5723 Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/5725) (cherry picked from commit 53c9818e970fc0c22d77e19fda3b3e6f6c9e759d) --- crypto/asn1/tasn_enc.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/crypto/asn1/tasn_enc.c b/crypto/asn1/tasn_enc.c index 081a9d534f..1f534df065 100644 --- a/crypto/asn1/tasn_enc.c +++ b/crypto/asn1/tasn_enc.c @@ -588,6 +588,8 @@ int asn1_ex_i2c(ASN1_VALUE **pval, unsigned char *cout, int *putype, otmp = (ASN1_OBJECT *)*pval; cont = otmp->data; len = otmp->length; + if (cont == NULL || len == 0) + return -1; break; case V_ASN1_NULL: -- 2.25.1