From 68e49ae4400c0ff68aac2e7c5f95725e7af0de40 Mon Sep 17 00:00:00 2001
From: Noel Remy <mocramis@gmail.com>
Date: Sun, 10 Nov 2019 16:45:30 +0100
Subject: Let Oid enforce positive decimal integers (#5053)

Failing that would lead to an OpenSSL error when calling OBJ_txt2obj at
serialization.

Adds basic tests for oids.
---
 src/cryptography/hazmat/_oid.py | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

(limited to 'src')

diff --git a/src/cryptography/hazmat/_oid.py b/src/cryptography/hazmat/_oid.py
index 4b08722f..f98912f9 100644
--- a/src/cryptography/hazmat/_oid.py
+++ b/src/cryptography/hazmat/_oid.py
@@ -19,11 +19,16 @@ class ObjectIdentifier(object):
         # range 0..39.  All nodes must be integers.
         for node in nodes:
             try:
-                intnodes.append(int(node, 0))
+                node_value = int(node, 10)
             except ValueError:
                 raise ValueError(
                     "Malformed OID: %s (non-integer nodes)" % (
                         self._dotted_string))
+            if node_value < 0:
+                raise ValueError(
+                    "Malformed OID: %s (negative-integer nodes)" % (
+                        self._dotted_string))
+            intnodes.append(node_value)
 
         if len(nodes) < 2:
             raise ValueError(
-- 
cgit v1.2.3