CryptoConfig.EncodeOID Bug - "Value was either too large or too small for an Int32." #44
Comments
Thanks for the report, I will take a look into it. Stuff in
A follow-up. I've updated the Asn1Parser library to address the mentioned issues as follows:
Here is the test (in PowerShell):
PS C:\> $oid = New-Object SysadminsLV.Asn1Parser.Universal.Asn1ObjectIdentifier "1.2.999.18446744073709551615456"
PS C:\> [SysadminsLV.Asn1Parser.Asn1Utils]::DecodeObjectIdentifier($oid.RawData)
Value FriendlyName
----- ------------
1.2.999.18446744073709551615456
PS C:\> [SysadminsLV.Asn1Parser.Asn1Utils]::DecodeObjectIdentifier($oid.RawData)
Value FriendlyName
----- ------------
1.2.999.18446744073709551615456
I chose
Awesome! I appreciate the really fast response!
fixed in v4.0.1
Multiple places in the code and its dependent libraries end up calling .NET's CryptoConfig.EncodeOID:

pkix.net/PKI/Cryptography/Oid2.cs, Line 402 in a6847f6
pkix.net/PKI/Cryptography/Oid2.cs, Line 464 in a6847f6

SysadminsLV.Asn1Parser.Asn1Utils.EncodeObjectIdentifier uses it as well and it is used extensively throughout the code base:

There appears to be an integer parsing bug in CryptoConfig.EncodeOID. The following PowerShell demonstrates this bug.

The bug is due to the following code in .NET's CryptoConfig.EncodeOID function:

Note that the code splits the OID string by periods, and then attempts to parse each numeric value using int.Parse. The bug is that 2473183039 is a valid OID value, but it is too large for int.Parse to handle. As such, the "Value was either too large or too small for an Int32." exception gets thrown.

We originally encountered this bug when using PSPKI's Get-CATemplate cmdlet in an environment where AD CS assigned a template OID that caused the exception. In that case, pkix.net appears to use CryptoConfig.EncodeOID primarily for OID input validation (just making sure it's a well-formed OID). I'd suggest implementing your own function to do the validation until .NET can fix the bug upstream. Other places in the code, however, appear to use SysadminsLV.Asn1Parser.Asn1Utils.EncodeObjectIdentifier to get the OID bytes, so a replacement for CryptoConfig.EncodeOID may be needed in those instances.
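The validation and encoding discussed in the report, as an added example that is not part of the original issue and is neither pkix.net's nor .NET's code: a hypothetical `ConvertTo-DerOid` function that checks a dotted OID string and builds its DER bytes with BigInteger arcs instead of Int32. The OID `1.2.999.2473183039` is a constructed sample built around the arc value quoted in the report.

```powershell
# Added example, not pkix.net or .NET code. ConvertTo-DerOid is a hypothetical name.
function ConvertTo-DerOid {
    param([Parameter(Mandatory)][string]$Oid)
    # Well-formedness: first arc 0..2, at least two arcs, decimal digits only.
    # Rejecting leading zeros is a choice made for this example.
    if ($Oid -notmatch '^[0-2](\.(0|[1-9][0-9]*))+$') {
        throw [ArgumentException]::new("Malformed OID: $Oid")
    }
    # BigInteger rather than Int32, so an arc such as 2473183039 parses.
    $arcs = @($Oid.Split('.') | ForEach-Object { [bigint]::Parse($_) })
    if ($arcs[0] -lt 2 -and $arcs[1] -gt 39) {
        throw [ArgumentException]::new("Second arc must be 0..39 under arc 0 or 1: $Oid")
    }
    # X.690: the first two arcs share one subidentifier, 40 * arc1 + arc2.
    $subIds = @($arcs[0] * 40 + $arcs[1])
    if ($arcs.Count -gt 2) { $subIds += $arcs[2..($arcs.Count - 1)] }

    $body = [System.Collections.Generic.List[byte]]::new()
    foreach ($id in $subIds) {
        # Base-128, most significant group first; bit 8 set on all but the last octet.
        $octets = [System.Collections.Generic.List[byte]]::new()
        $n = $id
        do {
            $group = [byte][bigint]::Remainder($n, 128)
            if ($octets.Count -gt 0) { $group = [byte]($group -bor 0x80) }
            $octets.Insert(0, $group)
            $n = [bigint]::Divide($n, 128)
        } while (-not $n.IsZero)
        $body.AddRange($octets)
    }
    # DER header: tag 0x06, then short-form length or long-form (0x80 | count, big-endian).
    $der = [System.Collections.Generic.List[byte]]::new()
    $der.Add(0x06)
    if ($body.Count -lt 0x80) {
        $der.Add($body.Count)
    } else {
        $lenOctets = [System.Collections.Generic.List[byte]]::new()
        for ($l = $body.Count; $l -gt 0; $l = $l -shr 8) { $lenOctets.Insert(0, $l -band 0xFF) }
        $der.Add(0x80 -bor $lenOctets.Count)
        $der.AddRange($lenOctets)
    }
    $der.AddRange($body)
    return ,$der.ToArray()
}
# Constructed sample with the arc value from the report, then the OID from the maintainer's test.
foreach ($sample in '1.2.999.2473183039', '1.2.999.18446744073709551615456') {
    $bytes = ConvertTo-DerOid $sample
    "{0} -> {1}" -f $sample, [BitConverter]::ToString($bytes)
}
```

Because the function throws on malformed input, it can stand in for the validation-only use the report describes as well as for producing the encoded bytes.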