From 1be013d08e381b2bea21fa97fa5b3584e1245f6d Mon Sep 17 00:00:00 2001
From: Jakub Jelen <jjelen@redhat.com>
Date: Tue, 15 Oct 2019 16:37:24 +0200
Subject: [PATCH] asn1: Fix undefined shift in OID parser

https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=16618
---
 src/libopensc/asn1.c | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/src/libopensc/asn1.c b/src/libopensc/asn1.c
index 33bd7623..ce95bbf2 100644
--- a/src/libopensc/asn1.c
+++ b/src/libopensc/asn1.c
@@ -28,6 +28,7 @@
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
+#include <limits.h>
 
 #include "internal.h"
 #include "asn1.h"
@@ -816,6 +817,11 @@ sc_asn1_decode_object_id(const u8 *inbuf, size_t inlen, struct sc_object_id *id)
 		a = *p & 0x7F;
 		inlen--;
 		while (inlen && *p & 0x80) {
+			/* Limit the OID values to int size and do not overflow */
+			if (a > (INT_MAX>>7)) {
+				sc_init_oid(id);
+				return SC_ERROR_NOT_SUPPORTED;
+			}
 			p++;
 			a <<= 7;
 			a |= *p & 0x7F;