diff options
author | Drokov Pavel <drokov@rutoken.ru> | 2024-01-12 02:10:17 -0500 |
---|---|---|
committer | Tomas Mraz <tomas@openssl.org> | 2024-01-15 10:50:07 +0100 |
commit | 60dc128b0f4ab0fec8198ce1724160d0750273b0 (patch) | |
tree | 3177ff0651bf0367a5fd091fdd802167321ed5fd | |
parent | 29463f17f2f7978e67b74e3f76bad1c126d34bed (diff) |
Fix arithmetic expression overflow
If the value of a->length is large (>= 2^12), then an integer overflow will
occur for the signed type, which according to the C standard is UB.
CLA: trivial
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23274)
(cherry picked from commit 486ab0fb003d05f89620662260486d31bd3faa8c)
-rw-r--r-- | crypto/objects/obj_dat.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/crypto/objects/obj_dat.c b/crypto/objects/obj_dat.c index ec78962d7b..40a3eef93c 100644 --- a/crypto/objects/obj_dat.c +++ b/crypto/objects/obj_dat.c @@ -136,7 +136,7 @@ static unsigned long added_obj_hash(const ADDED_OBJ *ca) a = ca->obj; switch (ca->type) { case ADDED_DATA: - ret = a->length << 20L; + ret = (unsigned long)a->length << 20UL; p = (unsigned char *)a->data; for (i = 0; i < a->length; i++) ret ^= p[i] << ((i * 3) % 24); |