author | Drokov Pavel <drokov@rutoken.ru> | 2024-01-12 02:10:17 -0500 |
---|---|---|
committer | Tomas Mraz <tomas@openssl.org> | 2024-01-15 10:50:20 +0100 |
commit | 11f7b60b6ff4d2186f83fbe05f3ffbdebaa8572b (patch) | |
tree | e1b04c7fb9ba9141238a28deb05d33fd75ac8cde | |
parent | 023e881bacf3743a01666606e6ac5697d0f49784 (diff) |

Fix arithmetic expression overflow

If the value of a->length is large (>= 2^12), then an integer overflow will
occur for the signed type, which according to the C standard is UB.

CLA: trivial
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23274)
(cherry picked from commit 486ab0fb003d05f89620662260486d31bd3faa8c)
-rw-r--r-- | crypto/objects/obj_dat.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/crypto/objects/obj_dat.c b/crypto/objects/obj_dat.c index 85d30eb58a..d7e55d0e06 100644 --- a/crypto/objects/obj_dat.c +++ b/crypto/objects/obj_dat.c @@ -62,7 +62,7 @@ static unsigned long added_obj_hash(const ADDED_OBJ *ca) a = ca->obj; switch (ca->type) { case ADDED_DATA: - ret = a->length << 20L; + ret = (unsigned long)a->length << 20UL; p = (unsigned char *)a->data; for (i = 0; i < a->length; i++) ret ^= p[i] << ((i * 3) % 24); |
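
Review bot: On the changed line in added_obj_hash, the `(unsigned long)` cast on `a->length` is what makes the shift well-defined; the `UL` suffix on the shift count has no effect, because the result type of `<<` is that of the promoted left operand, so plain `<< 20` would read more clearly. The loop just below is left untouched: in `ret ^= p[i] << ((i * 3) % 24);` the `unsigned char` is promoted to `int` before the shift (still in range for a 32-bit `int`, since the count is at most 21), and `i * 3` is computed in the type of `i`, which the hunk does not show. If `i` is a signed `int`, that multiplication is the same class of signed overflow for a very large `a->length`, so consider an unsigned index or a cast there as well. A one-line comment saying the cast exists to avoid undefined behaviour in the signed shift would keep a later cleanup from dropping it.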