[openssl-commits] [openssl] master update
Richard Levitte
levitte at openssl.org
Fri Apr 29 15:02:05 UTC 2016
The branch master has been updated
via 87a8405b66e94cbfc40c44104c3b52f342a623d5 (commit)
from a1f41284d7eb3c72096ae9cbd6a0673c0bb0d267 (commit)
- Log -----------------------------------------------------------------
commit 87a8405b66e94cbfc40c44104c3b52f342a623d5
Author: David Benjamin <davidben at google.com>
Date: Wed Apr 27 20:02:35 2016 -0400
Avoid overflow issues in X509_cmp.
The length is a long, so returning the difference does not quite work.
Thanks to Torbjörn Granlund for noticing.
Reviewed-by: Rich Salz <rsalz at openssl.org>
Reviewed-by: Richard Levitte <levitte at openssl.org>
-----------------------------------------------------------------------
Summary of changes:
crypto/x509/x509_cmp.c | 7 ++++---
1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/crypto/x509/x509_cmp.c b/crypto/x509/x509_cmp.c
index d3b2c19..831cfb7 100644
--- a/crypto/x509/x509_cmp.c
+++ b/crypto/x509/x509_cmp.c
@@ -187,9 +187,10 @@ int X509_cmp(const X509 *a, const X509 *b)
return rv;
/* Check for match against stored encoding too */
if (!a->cert_info.enc.modified && !b->cert_info.enc.modified) {
- rv = (int)(a->cert_info.enc.len - b->cert_info.enc.len);
- if (rv)
- return rv;
+ if (a->cert_info.enc.len < b->cert_info.enc.len)
+ return -1;
+ if (a->cert_info.enc.len > b->cert_info.enc.len)
+ return 1;
return memcmp(a->cert_info.enc.enc, b->cert_info.enc.enc,
a->cert_info.enc.len);
}
More information about the openssl-commits
mailing list