From 4b3a20dc7e66c6c0683a7a1b6521dbc5d287ac1b Mon Sep 17 00:00:00 2001
From: Richard Levitte
Date: Fri, 31 Mar 2017 21:31:43 +0200
Subject: Fix faulty check of padding in x_long.c Bug uncovered by test [extended tests]
Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/3120)
---
 crypto/asn1/x_long.c | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-) (limited to 'crypto')
diff --git a/crypto/asn1/x_long.c b/crypto/asn1/x_long.c
index 615d24df08..a7b90231c0 100644
--- a/crypto/asn1/x_long.c
+++ b/crypto/asn1/x_long.c
@@ -110,7 +110,7 @@ static int long_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len,
 unsigned long utmp = 0;
 char *cp = (char *)pval;
 
- if (len) {
+ if (len > 1) {
 /*
 * Check possible pad byte. Worst case, we're skipping past actual
 * content, but since that's only with 0x00 and 0xff and we set neg
@@ -120,7 +120,7 @@ static int long_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len,
 case 0xff:
 cont++;
 len--;
- neg = 1;
+ neg = 0x80;
 break;
 case 0:
 cont++;
@@ -139,6 +139,9 @@ static int long_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len,
 neg = 1;
 else
 neg = 0;
+ } else if (neg == (cont[0] & 0x80)) {
+ ASN1err(ASN1_F_LONG_C2I, ASN1_R_ILLEGAL_PADDING);
+ return 0;
 }
 utmp = 0;
 for (i = 0; i < len; i++) {
-- cgit v1.2.3
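Review bot: The `len > 1` guard in the first hunk is what keeps the `cont[0]` read in the new `else if (neg == (cont[0] & 0x80))` branch (third hunk) inside the content buffer, yet nothing at either site records that dependency. Once a pad byte has been consumed at least one byte remains, so the read is in bounds today, but relaxing the guard back to `if (len)` would turn it into a read one byte past the encoded value. I would extend the pad-byte comment with something like `A lone content byte is never padding; the padding check further down relies on a byte following the pad`, or make the branch self-contained as `} else if (len > 0 && neg == (cont[0] & 0x80)) {`. The comment and the body of long_c2i continue outside the visible hunks.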
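Review bot: `neg = 0x80` in the `case 0xff:` arm leaves `neg` with two encodings, because the no-pad path in the third hunk still assigns `neg = 1` while the pad path now stores the sign-bit mask so it can be compared with `cont[0] & 0x80`. That holds only while later code tests `neg` for truthiness; the uses after the `for` header are outside the hunk, so this is an assumption. A future `neg == 1` comparison would silently miss padded negatives. A one-line comment at the assignment would make the intent explicit, e.g. `/* 0x80 rather than 1: compared with (cont[0] & 0x80) in the padding check */`, or `neg` could stay boolean with the check written as `(neg ? 0x80 : 0) == (cont[0] & 0x80)`.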