asn1: ber_write_OID_String() to be more picky about supplied OID

Now function will check for invalid OID handling cases where:
 - sub-identifier has invalid characters (non-digit)
 - 'dot' separator found on unexpected place. For instance
    '.' at start or end of the OID. Two '.' in a row.

diff --git a/lib/util/asn1.c b/lib/util/asn1.c
index 2a71f2f79def486810dbd9ab0254cf6afc191f9a..21d4bd43088d6a2dbb5f56d76cf9e6eb760c50c8 100644 (file)
--- a/lib/util/asn1.c
+++ b/lib/util/asn1.c
@@ -221,10 +221,12 @@ bool ber_write_OID_String(TALLOC_CTX *mem_ctx, DATA_BLOB *blob, const char *OID)
        char *newp;
        int i;
 
+       if (!isdigit(*p)) return false;
        v = strtoul(p, &newp, 10);
        if (newp[0] != '.') return false;
        p = newp + 1;
 
+       if (!isdigit(*p)) return false;
        v2 = strtoul(p, &newp, 10);
        if (newp[0] != '.') return false;
        p = newp + 1;
@@ -237,9 +239,12 @@ bool ber_write_OID_String(TALLOC_CTX *mem_ctx, DATA_BLOB *blob, const char *OID)
 
        i = 1;
        while (*p) {
+               if (!isdigit(*p)) return false;
                v = strtoul(p, &newp, 10);
                if (newp[0] == '.') {
                        p = newp + 1;
+                       /* check for empty last component */
+                       if (!*p) return false;
                } else if (newp[0] == '\0') {
                        p = newp;
                } else {