The @fidm/asn1 OID parser is naive and has a common implementation bug. It supports second arc decoding only up to 39, although only the 0.x and 1.x arcs are limited to 39, while 2.x is unlimited.
The specification, i.e., ITU-T X.690 (08/2015) 8.1.94, has an explicit note on this:
This packing of the first two object identifier components recognizes that only three values are allocated from the root node, and at most 39 subsequent values from nodes reached by X = 0 and X = 1.
OIDs are an essential building block of an X.509 certificate, and using a flawed parser may lead to unforeseen consequences and bugs.
Test case
Encoded OID: 0603883703
Expected decoded value: 2.999.3
Actual decoded value: 3.16.55.3; NB: the first arc of 3 is invalid
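The test case above, worked through as an added example (not code from @fidm/asn1). `decodeOidNaive` is a hypothetical reconstruction of the first-byte-split bug class, `decodeOid` unpacks the whole first subidentifier as the X.690 note describes, and all function names here are assumptions.

```javascript
// Added example; function names are hypothetical, not the @fidm/asn1 API.

// Split OID content octets into base-128 subidentifiers.
// Bit 8 of each octet is the "more octets follow" flag.
function readSubidentifiers(bytes) {
  const subs = [];
  let value = 0n;
  let inProgress = false;
  for (const b of bytes) {
    // A subidentifier must not start with 0x80 (non-minimal encoding).
    if (!inProgress && b === 0x80) throw new Error('non-minimal subidentifier');
    value = (value << 7n) | BigInt(b & 0x7f);
    inProgress = (b & 0x80) !== 0;
    if (!inProgress) { subs.push(value); value = 0n; }
  }
  if (inProgress) throw new Error('truncated subidentifier');
  return subs;
}

// Correct: the first subidentifier (possibly multi-octet) packs X*40 + Y.
// Y is capped at 39 only for X = 0 and X = 1; everything >= 80 is X = 2.
function decodeOid(bytes) {
  const subs = readSubidentifiers(bytes);
  if (subs.length === 0) throw new Error('empty OID');
  const [first, ...rest] = subs;
  const x = first < 40n ? 0n : first < 80n ? 1n : 2n;
  return [x, first - 40n * x, ...rest].join('.');
}

// Buggy: splits only the first octet by 40, ignoring its continuation bit.
function decodeOidNaive(bytes) {
  if (bytes.length === 0) throw new Error('empty OID');
  const first = bytes[0];
  const rest = readSubidentifiers(bytes.subarray(1));
  return [Math.floor(first / 40), first % 40, ...rest].join('.');
}

// Strip the OBJECT IDENTIFIER tag (0x06) and a short-form length octet.
function contentOf(hex) {
  const der = Buffer.from(hex, 'hex');
  if (der[0] !== 0x06 || der[1] >= 0x80 || der[1] !== der.length - 2) {
    throw new Error('not a short-form DER OID');
  }
  return der.subarray(2);
}

const sample = contentOf('0603883703'); // encoded OID from the test case
console.log(decodeOid(sample), 'vs', decodeOidNaive(sample));
```

Both decoders agree on OIDs under 0.x and 1.x and on 2.x values whose first subidentifier fits in one octet, which is why the defect is easy to miss in tests.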
See more:
https://misc.daniel-marschall.de/asn.1/oid_facts.html
https://misc.daniel-marschall.de/asn.1/oid-converter/online.php