[openssl-commits] [openssl] master update

Kurt Roeckx kurt at openssl.org
Sun Jan 15 21:21:42 UTC 2017


The branch master has been updated
       via  c2ce477f1f3c0a98802fb087b0cf4b0a99ea2b1d (commit)
       via  68d4bcfd0651c7ea5d37ca52abc0d2e6e6b3bd20 (commit)
       via  244d7b288f2b9ab7f6a2dbf068eccd6e20d9eef6 (commit)
      from  a470f02360b147fa73f94881ba96c367c593427f (commit)


- Log -----------------------------------------------------------------
commit c2ce477f1f3c0a98802fb087b0cf4b0a99ea2b1d
Author: Kurt Roeckx <kurt at roeckx.be>
Date:   Sat Jan 14 16:10:25 2017 +0100

    Fix undefined behaviour when printing the X509 and CRL version
    
    Found by oss-fuzz
    
    Reviewed-by: Andy Polyakov <appro at openssl.org>
    GH: #2231

commit 68d4bcfd0651c7ea5d37ca52abc0d2e6e6b3bd20
Author: Kurt Roeckx <kurt at roeckx.be>
Date:   Sun Jan 15 12:33:45 2017 +0100

    Fix VC warnings about unary minus to an unsigned type.
    
    Reviewed-by: Andy Polyakov <appro at openssl.org>
    GH: #2230

commit 244d7b288f2b9ab7f6a2dbf068eccd6e20d9eef6
Author: Kurt Roeckx <kurt at roeckx.be>
Date:   Sat Jan 14 15:58:42 2017 +0100

    Fix undefined behaviour when printing the X509 serial
    
    Found by afl
    
    Reviewed-by: Andy Polyakov <appro at openssl.org>
    GH: #2230

-----------------------------------------------------------------------

Summary of changes:
 crypto/asn1/a_int.c  | 2 +-
 crypto/asn1/x_long.c | 2 +-
 crypto/bio/b_print.c | 2 +-
 crypto/x509/t_crl.c  | 5 ++++-
 crypto/x509/t_req.c  | 9 +++++++--
 crypto/x509/t_x509.c | 6 ++++--
 6 files changed, 18 insertions(+), 8 deletions(-)

diff --git a/crypto/asn1/a_int.c b/crypto/asn1/a_int.c
index 833322e..e0bcd6e 100644
--- a/crypto/asn1/a_int.c
+++ b/crypto/asn1/a_int.c
@@ -289,7 +289,7 @@ static int asn1_get_int64(int64_t *pr, const unsigned char *b, size_t blen,
             ASN1err(ASN1_F_ASN1_GET_INT64, ASN1_R_TOO_SMALL);
             return 0;
         }
-        *pr = -(uint64_t)r;
+        *pr = 0 - (uint64_t)r;
     } else {
         if (r > INT64_MAX) {
             ASN1err(ASN1_F_ASN1_GET_INT64, ASN1_R_TOO_LARGE);
diff --git a/crypto/asn1/x_long.c b/crypto/asn1/x_long.c
index e86e4c7..c284471 100644
--- a/crypto/asn1/x_long.c
+++ b/crypto/asn1/x_long.c
@@ -76,7 +76,7 @@ static int long_i2c(ASN1_VALUE **pval, unsigned char *cont, int *putype,
      * set.
      */
     if (ltmp < 0)
-        utmp = -(unsigned long)ltmp - 1;
+        utmp = 0 - (unsigned long)ltmp - 1;
     else
         utmp = ltmp;
     clen = BN_num_bits_word(utmp);
diff --git a/crypto/bio/b_print.c b/crypto/bio/b_print.c
index a46d8b1..e91ab6d 100644
--- a/crypto/bio/b_print.c
+++ b/crypto/bio/b_print.c
@@ -451,7 +451,7 @@ fmtint(char **sbuffer,
     if (!(flags & DP_F_UNSIGNED)) {
         if (value < 0) {
             signvalue = '-';
-            uvalue = -(unsigned LLONG)value;
+            uvalue = 0 - (unsigned LLONG)value;
         } else if (flags & DP_F_PLUS)
             signvalue = '+';
         else if (flags & DP_F_SPACE)
diff --git a/crypto/x509/t_crl.c b/crypto/x509/t_crl.c
index de0320d..f3ca6db 100644
--- a/crypto/x509/t_crl.c
+++ b/crypto/x509/t_crl.c
@@ -44,7 +44,10 @@ int X509_CRL_print(BIO *out, X509_CRL *x)
 
     BIO_printf(out, "Certificate Revocation List (CRL):\n");
     l = X509_CRL_get_version(x);
-    BIO_printf(out, "%8sVersion %lu (0x%lx)\n", "", l + 1, l);
+    if (l >= 0 && l <= 1)
+        BIO_printf(out, "%8sVersion %ld (0x%lx)\n", "", l + 1, (unsigned long)l);
+    else
+        BIO_printf(out, "%8sVersion unknown (%ld)\n", "", l);
     X509_CRL_get0_signature(x, &sig, &sig_alg);
     X509_signature_print(out, sig_alg, NULL);
     p = X509_NAME_oneline(X509_CRL_get_issuer(x), NULL, 0);
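Review bot: The bounds in `if (l >= 0 && l <= 1)` are bare numbers, and nothing records that this test is presumably also what keeps `l + 1` from overflowing for a version value taken from a parsed CRL. I would add a comment above the test, such as `/* encoded 0 is v1, 1 is v2; anything else is malformed input and must not reach l + 1 */`. The fallback text here is `Version unknown (%ld)` while the t_req.c hunk prints `Version: Unknown (%ld)`; the missing colon matches the existing CRL line, but the capitalisation could be aligned. X509_CRL_print continues outside the hunk.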
diff --git a/crypto/x509/t_req.c b/crypto/x509/t_req.c
index 0fced67..77ce810 100644
--- a/crypto/x509/t_req.c
+++ b/crypto/x509/t_req.c
@@ -60,8 +60,13 @@ int X509_REQ_print_ex(BIO *bp, X509_REQ *x, unsigned long nmflags,
     }
     if (!(cflag & X509_FLAG_NO_VERSION)) {
         l = X509_REQ_get_version(x);
-        if (BIO_printf(bp, "%8sVersion: %ld (0x%lx)\n", "", l + 1, l) <= 0)
-            goto err;
+        if (l >= 0 && l <= 2) {
+            if (BIO_printf(bp, "%8sVersion: %ld (0x%lx)\n", "", l + 1, (unsigned long)l) <= 0)
+                goto err;
+        } else {
+            if (BIO_printf(bp, "%8sVersion: Unknown (%ld)\n", "", l) <= 0)
+                goto err;
+        }
     }
     if (!(cflag & X509_FLAG_NO_SUBJECT)) {
         if (BIO_printf(bp, "        Subject:%c", mlch) <= 0)
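Review bot: The accepted range `l >= 0 && l <= 2` looks carried over from certificate versions. PKCS#10 (RFC 2986) defines only v1, encoded as 0, for a certification request. A request carrying 1 or 2 is therefore printed as `Version: 2` or `Version: 3` as if it were a known version, instead of taking the `Unknown` branch. If that leniency is deliberate it deserves a comment; otherwise the test could be `if (l == 0) {`. X509_REQ_print_ex starts and ends outside this hunk.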
diff --git a/crypto/x509/t_x509.c b/crypto/x509/t_x509.c
index ce67046..5119c0e 100644
--- a/crypto/x509/t_x509.c
+++ b/crypto/x509/t_x509.c
@@ -93,12 +93,14 @@ int X509_print_ex(BIO *bp, X509 *x, unsigned long nmflags,
             l = -1;
         }
         if (l != -1) {
+            unsigned long ul;
             if (bs->type == V_ASN1_NEG_INTEGER) {
-                l = -l;
+                ul = 0 - (unsigned long)l;
                 neg = "-";
             } else
+                ul = l;
                 neg = "";
-            if (BIO_printf(bp, " %s%lu (%s0x%lx)\n", neg, l, neg, l) <= 0)
+            if (BIO_printf(bp, " %s%lu (%s0x%lx)\n", neg, ul, neg, ul) <= 0)
                 goto err;
         } else {
             neg = (bs->type == V_ASN1_NEG_INTEGER) ? " (Negative)" : "";
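Review bot: The added `ul = l;` sits under a brace-less `else`, so the following `neg = "";` is no longer part of the else branch and runs on every path, overwriting the `neg = "-"` set just above. A negative serial is then printed as its positive magnitude with no sign, which misreports the certificate to anyone reading the output. The else needs braces around both statements, `} else { ul = l; neg = ""; }`. X509_print_ex begins and ends outside this hunk.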

