Avoid IndexError on too-short OIDs, add test for regression

commit: f9c30b39f28f25c7da462fe16d989c2050dee2a7 [log] [tgz]
author: Nick Bastin <nick.bastin@gmail.com> Thu Dec 17 05:28:49 2015 -0800
committer: Nick Bastin <nick.bastin@gmail.com> Thu Dec 17 05:28:49 2015 -0800
tree: df6a81c67c74cd4916a6279fc8dbad08d1bc63e0
parent: 6721fb8dd70a2d392aa70b67b35e3c6efa34230b [diff]
diff --git a/src/cryptography/x509/oid.py b/src/cryptography/x509/oid.py
index ba77a8b..f5dc2f8 100644
--- a/src/cryptography/x509/oid.py
+++ b/src/cryptography/x509/oid.py

@@ -26,6 +26,11 @@
                     "Malformed OID: %s (non-integer nodes)" % (
                         self._dotted_string))
 
+        if len(nodes) < 2:
+            raise ValueError(
+                "Malformed OID: %s (insufficient number of nodes)" % (
+                    self._dotted_string)
+
         if intnodes[0] > 2:
             raise ValueError(
                 "Malformed OID: %s (first node outside valid range)" % (

diff --git a/tests/test_x509.py b/tests/test_x509.py
index 164aff3..ccdff7c 100644
--- a/tests/test_x509.py
+++ b/tests/test_x509.py

@@ -3251,6 +3251,10 @@
         oid = x509.ObjectIdentifier("2.999.1")
         assert oid._name == 'Unknown OID'
 
+    def test_too_short(self):
+        with pytest.raises(ValueError):
+            x509.ObjectIdentifier("1")
+
     def test_invalid_input(self):
         with pytest.raises(ValueError):
             x509.ObjectIdentifier("notavalidform")
commit	f9c30b39f28f25c7da462fe16d989c2050dee2a7	[log] [tgz]
author	Nick Bastin <nick.bastin@gmail.com>	Thu Dec 17 05:28:49 2015 -0800
committer	Nick Bastin <nick.bastin@gmail.com>	Thu Dec 17 05:28:49 2015 -0800
tree	df6a81c67c74cd4916a6279fc8dbad08d1bc63e0
parent	6721fb8dd70a2d392aa70b67b35e3c6efa34230b [diff]