diff options
author | Matt Caswell <matt@openssl.org> | 2017-04-10 17:33:29 +0100 |
---|---|---|
committer | Matt Caswell <matt@openssl.org> | 2017-04-11 15:29:42 +0100 |
commit | 0856e3f167964f58c26796331eab9d8b0a883921 (patch) | |
tree | 62eb11a4c6e626a5e82fbbda7bcd4f162dae102e /crypto | |
parent | 745dec3aed750d681a81a049152edbb57c1f8c2d (diff) |
Reject decoding of an INT64 with a value >INT64_MAX
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Andy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3159)
Diffstat (limited to 'crypto')
-rw-r--r-- | crypto/asn1/x_int64.c | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/crypto/asn1/x_int64.c b/crypto/asn1/x_int64.c index 9da692ca6f..33e4061699 100644 --- a/crypto/asn1/x_int64.c +++ b/crypto/asn1/x_int64.c @@ -71,6 +71,11 @@ static int uint64_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len, ASN1err(ASN1_F_UINT64_C2I, ASN1_R_ILLEGAL_NEGATIVE_VALUE); return 0; } + if ((it->size & INTxx_FLAG_SIGNED) == INTxx_FLAG_SIGNED + && !neg && utmp > INT64_MAX) { + ASN1err(ASN1_F_UINT64_C2I, ASN1_R_TOO_LARGE); + return 0; + } memcpy(cp, &utmp, sizeof(utmp)); return 1; } |