From 6721fb8dd70a2d392aa70b67b35e3c6efa34230b Mon Sep 17 00:00:00 2001
From: Nick Bastin
Date: Mon, 14 Dec 2015 12:26:24 -0800
Subject: OID validation
---
 src/cryptography/x509/oid.py | 24 ++++++++++++++++++++++++
 1 file changed, 24 insertions(+)
(limited to 'src')
diff --git a/src/cryptography/x509/oid.py b/src/cryptography/x509/oid.py
index ead40169..ba77a8b8 100644
--- a/src/cryptography/x509/oid.py
+++ b/src/cryptography/x509/oid.py
@@ -12,6 +12,30 @@ class ObjectIdentifier(object):
 def __init__(self, dotted_string):
 self._dotted_string = dotted_string
+ nodes = self._dotted_string.split(".")
+ intnodes = []
+
+ # There must be at least 2 nodes, the first node must be 0..2, and
+ # if less than 2, the second node cannot have a value outside the
+ # range 0..39. All nodes must be integers.
+ for node in nodes:
+ try:
+ intnodes.append(int(node, 0))
+ except ValueError:
+ raise ValueError(
+ "Malformed OID: %s (non-integer nodes)" % (
+ self._dotted_string))
+
+ if intnodes[0] > 2:
+ raise ValueError(
+ "Malformed OID: %s (first node outside valid range)" % (
+ self._dotted_string))
+
+ if intnodes[0] < 2 and intnodes[1] >= 40:
+ raise ValueError(
+ "Malformed OID: %s (second node outside valid range)" % (
+ self._dotted_string))
+
 def __eq__(self, other):
 if not isinstance(other, ObjectIdentifier):
 return NotImplemented
-- cgit v1.2.3
From f9c30b39f28f25c7da462fe16d989c2050dee2a7 Mon Sep 17 00:00:00 2001
From: Nick Bastin
Date: Thu, 17 Dec 2015 05:28:49 -0800
Subject: Avoid IndexError on too-short OIDs, add test for regression
---
 src/cryptography/x509/oid.py | 5 +++++
 1 file changed, 5 insertions(+)
(limited to 'src')
diff --git a/src/cryptography/x509/oid.py b/src/cryptography/x509/oid.py
index ba77a8b8..f5dc2f81 100644
--- a/src/cryptography/x509/oid.py
+++ b/src/cryptography/x509/oid.py
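Review bot: `int(node, 0)` in the parsing loop accepts more than dotted-decimal arcs: base 0 lets Python's literal prefixes through, so a node written as `0x10` or `0b1` parses, and `int()` also tolerates surrounding whitespace and a leading sign. A negative arc such as `-1` then passes both range checks, because they only test `intnodes[0] > 2` and `intnodes[1] >= 40`. Since `self._dotted_string` keeps the caller's original text, two spellings of the same OID would presumably be treated as different identifiers by anything that compares or looks up the string (the body of `__eq__` is outside this hunk, so confirm). Parse with `intnodes.append(int(node, 10))` and reject negatives with a check such as `if any(n < 0 for n in intnodes): raise ValueError(...)`; requiring every node to consist only of ASCII digits would be the strict form. The comment above the loop could then say that nodes are unsigned decimal integers.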
@@ -26,6 +26,11 @@ class ObjectIdentifier(object):
 "Malformed OID: %s (non-integer nodes)" % (
 self._dotted_string))
+ if len(nodes) < 2:
+ raise ValueError(
+ "Malformed OID: %s (insufficient number of nodes)" % (
+ self._dotted_string)
+
 if intnodes[0] > 2:
 raise ValueError(
 "Malformed OID: %s (first node outside valid range)" % (
-- cgit v1.2.3
From 241c390d5622be832b034141a634eeac38e325fb Mon Sep 17 00:00:00 2001
From: Nick Bastin
Date: Thu, 17 Dec 2015 05:30:07 -0800
Subject: Typo
---
 src/cryptography/x509/oid.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
(limited to 'src')
diff --git a/src/cryptography/x509/oid.py b/src/cryptography/x509/oid.py
index f5dc2f81..27fab86b 100644
--- a/src/cryptography/x509/oid.py
+++ b/src/cryptography/x509/oid.py
@@ -29,7 +29,7 @@ class ObjectIdentifier(object):
 if len(nodes) < 2:
 raise ValueError(
 "Malformed OID: %s (insufficient number of nodes)" % (
- self._dotted_string)
+ self._dotted_string))
 if intnodes[0] > 2:
 raise ValueError(
-- cgit v1.2.3