[openssl-commits] [openssl] master update
Matt Caswell
matt at openssl.org
Tue Apr 11 14:33:23 UTC 2017
The branch master has been updated
via 0856e3f167964f58c26796331eab9d8b0a883921 (commit)
from 745dec3aed750d681a81a049152edbb57c1f8c2d (commit)
- Log -----------------------------------------------------------------
commit 0856e3f167964f58c26796331eab9d8b0a883921
Author: Matt Caswell <matt at openssl.org>
Date: Mon Apr 10 17:33:29 2017 +0100
Reject decoding of an INT64 with a value >INT64_MAX
Reviewed-by: Richard Levitte <levitte at openssl.org>
Reviewed-by: Andy Polyakov <appro at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3159)
-----------------------------------------------------------------------
Summary of changes:
crypto/asn1/x_int64.c | 5 +++++
test/asn1_encode_test.c | 2 +-
2 files changed, 6 insertions(+), 1 deletion(-)
diff --git a/crypto/asn1/x_int64.c b/crypto/asn1/x_int64.c
index 9da692c..33e4061 100644
--- a/crypto/asn1/x_int64.c
+++ b/crypto/asn1/x_int64.c
@@ -71,6 +71,11 @@ static int uint64_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len,
ASN1err(ASN1_F_UINT64_C2I, ASN1_R_ILLEGAL_NEGATIVE_VALUE);
return 0;
}
+ if ((it->size & INTxx_FLAG_SIGNED) == INTxx_FLAG_SIGNED
+ && !neg && utmp > INT64_MAX) {
+ ASN1err(ASN1_F_UINT64_C2I, ASN1_R_TOO_LARGE);
+ return 0;
+ }
memcpy(cp, &utmp, sizeof(utmp));
return 1;
}
diff --git a/test/asn1_encode_test.c b/test/asn1_encode_test.c
index 9b33314..45e3005 100644
--- a/test/asn1_encode_test.c
+++ b/test/asn1_encode_test.c
@@ -372,7 +372,7 @@ static ASN1_INT64_DATA int64_expected[] = {
CUSTOM_EXPECTED_SUCCESS(ASN1_LONG_UNDEF, ASN1_LONG_UNDEF), /* t_zero */
CUSTOM_EXPECTED_SUCCESS(1, 1), /* t_one */
CUSTOM_EXPECTED_FAILURE, /* t_9bytes_1 */
- CUSTOM_EXPECTED_SUCCESS(INT64_MIN, INT64_MIN), /* t_8bytes_1 */
+ CUSTOM_EXPECTED_FAILURE, /* t_8bytes_1 (too large positive) */
CUSTOM_EXPECTED_SUCCESS(INT64_MAX, INT64_MAX), /* t_8bytes_2 */
CUSTOM_EXPECTED_FAILURE, /* t_8bytes_3_pad (illegal padding) */
CUSTOM_EXPECTED_SUCCESS(INT64_MIN, INT64_MIN), /* t_8bytes_4_neg */
More information about the openssl-commits
mailing list