Limit OIDs to 128 components

The longest OID known by oid-info.com is 34 components[1], so 128 should be plenty and will limit the potential for attacks. [1] http://oid-info.com/get/1.3.6.1.4.1.1248.1.1.2.1.3.21.69.112.115.111.110.32.83.116.121.108.117.115.32.80.114.111.32.52.57.48.48 Signed-off-by: David Horstmann <david.horstmann@arm.com>
2023-04-26 11:50:14 +01:00 · 2023-04-26 11:50:14 +01:00 · 9643575d92
commit 9643575d92
parent 861e5d2742
3 changed files with 9 additions and 1 deletions
--- a/include/mbedtls/oid.h
+++ b/include/mbedtls/oid.h
@ -63,6 +63,11 @@
 #define MBEDTLS_OID_X509_EXT_FRESHEST_CRL                (1 << 14)
 #define MBEDTLS_OID_X509_EXT_NS_CERT_TYPE                (1 << 16)

+/*
+ * Maximum number of OID components allowed
+ */
+#define MBEDTLS_OID_MAX_COMPONENTS              128
+
 /*
 * Top level OID tuples
 */