TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls / 62e7fae1090544357bcfaf209b9d87f8f827bfeb^! / . / library / oid.c
commit62e7fae1090544357bcfaf209b9d87f8f827bfeb[log] [tgz]
authorDavid Horstmann <david.horstmann@arm.com>Fri Jun 02 15:32:20 2023 +0100
committerDavid Horstmann <david.horstmann@arm.com>Fri Jun 02 15:51:28 2023 +0100
tree11e562d89b10ec1278cbf5de311b3e85da357dbd
parent02127ab02245936cb4869d8e2ed3b3fc378ef32b [diff] [blame]
Fix bug in calculation of maximum possible bytes

Each DER-encoded OID byte can only store 7 bits of actual data, so take
account of that.

Calculate the number of bytes required as:

number_of_bytes = ceil(subidentifier_size * 8 / 7)

Signed-off-by: David Horstmann <david.horstmann@arm.com>

diff --git a/library/oid.c b/library/oid.c
index b13c76b..88165d3 100644
--- a/library/oid.c
+++ b/library/oid.c

@@ -971,7 +971,14 @@
     if (num_dots == 0 || (num_dots > MBEDTLS_OID_MAX_COMPONENTS - 1)) {
         return MBEDTLS_ERR_ASN1_INVALID_DATA;
     }
-    size_t max_possible_bytes = num_dots * sizeof(unsigned int);
+    /* Each byte can store 7 bits, calculate number of bytes for a
+     * subidentifier:
+     *
+     * bytes = ceil(subidentifer_size * 8 / 7)
+     */
+    size_t bytes_per_subidentifier = (((sizeof(unsigned int) * 8) - 1) / 7)
+                                     + 1;
+    size_t max_possible_bytes = num_dots * bytes_per_subidentifier;
     oid->p = mbedtls_calloc(max_possible_bytes, 1);
     if (oid->p == NULL) {
         return MBEDTLS_ERR_ASN1_ALLOC_FAILED;