diff options
| author | Matt Caswell <matt@openssl.org> | 2017-03-27 16:11:11 +0100 |
|---|---|---|
| committer | Richard Levitte <levitte@openssl.org> | 2017-04-04 11:16:47 +0200 |
| commit | 8b6277538350008a19f8015895972a5edf13da11 (patch) | |
| tree | 4a0a7a21f90840afd25d3acdfddd9a3ef63f7c35 /crypto/asn1 | |
| parent | 6fb4f30611e8e5a5598234463f644cb950de760d (diff) | |
Fix a possible integer overflow in long_c2i
Credit to OSS-Fuzz for finding this.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3120)
Diffstat (limited to 'crypto/asn1')
| -rw-r--r-- | crypto/asn1/x_long.c | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/crypto/asn1/x_long.c b/crypto/asn1/x_long.c index 233725f8ff..615d24df08 100644 --- a/crypto/asn1/x_long.c +++ b/crypto/asn1/x_long.c @@ -149,6 +149,10 @@ static int long_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len, utmp |= cont[i]; } ltmp = (long)utmp; + if (ltmp < 0) { + ASN1err(ASN1_F_LONG_C2I, ASN1_R_INTEGER_TOO_LARGE_FOR_LONG); + return 0; + } if (neg) { ltmp = -ltmp; ltmp--; |