[openssl/openssl] 703e85: Harden asn1 oid loader to invalid inputs

[Neil Horman]

  Branch: refs/heads/openssl-3.1
  Home:   https://github.com/openssl/openssl
  Commit: 703e85642471fcd16ce083fdf3b4e81e9be148cb
      https://github.com/openssl/openssl/commit/703e85642471fcd16ce083fdf3b4e81e9be148cb
  Author: Neil Horman <nhorman at openssl.org>
  Date:   2023-12-15 (Fri, 15 Dec 2023)

  Changed paths:
    M crypto/asn1/asn_moid.c
    A test/recipes/04-test_asn1_parse.t
    A test/test_asn1_parse.cnf

  Log Message:
  -----------
  Harden asn1 oid loader to invalid inputs

In the event that a config file contains this sequence:
=======
openssl_conf = openssl_init

config_diagnostics = 1

[openssl_init]
oid_section = oids

[oids]
testoid1 = 1.2.3.4.1
testoid2 = A Very Long OID Name, 1.2.3.4.2
testoid3 = ,1.2.3.4.3
======

The leading comma in testoid3 can cause a heap buffer overflow, as the
parsing code will move the string pointer back 1 character, thereby
pointing to an invalid memory space

correct the parser to detect this condition and handle it by treating it
as if the comma doesn't exist (i.e. an empty long oid name)

(cherry picked from commit a552c23c6502592c1b3c67d93dd7e5ffbe958aa4)

Reviewed-by: Tom Cosgrove <tom.cosgrove at arm.com>
Reviewed-by: Tomas Mraz <tomas at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23034)

(cherry picked from commit d802bfbf80bab00123a4a6209f255852b3a10207)