[openssl] master update

dev at ddvo.net dev at ddvo.net
Tue Jun 29 11:06:26 UTC 2021


The branch master has been updated
       via  6eaf139f62001b958861f25c5cebc41c76c579bd (commit)
      from  b2eabccbe52d57f009b351700b472b42195380d9 (commit)


- Log -----------------------------------------------------------------
commit 6eaf139f62001b958861f25c5cebc41c76c579bd
Author: Dr. David von Oheimb <David.von.Oheimb at siemens.com>
Date:   Mon Jun 28 12:17:25 2021 +0200

    ossl_cmp_error_new(): Fix Coverity issue 1486534, and consequently also issues 1486536 and 1486533
    
    The issues are due to an integer overflow that may happen on '(ERR_SYSTEM_FLAG << 1)'.
    
    Reviewed-by: Paul Dale <pauli at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/15938)

-----------------------------------------------------------------------

Summary of changes:
 crypto/cmp/cmp_msg.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/crypto/cmp/cmp_msg.c b/crypto/cmp/cmp_msg.c
index fe4b64d575..4fef006933 100644
--- a/crypto/cmp/cmp_msg.c
+++ b/crypto/cmp/cmp_msg.c
@@ -748,7 +748,8 @@ OSSL_CMP_MSG *ossl_cmp_error_new(OSSL_CMP_CTX *ctx, const OSSL_CMP_PKISI *si,
         goto err;
     if (!ASN1_INTEGER_set_int64(msg->body->value.error->errorCode, errorCode))
         goto err;
-    if (errorCode > 0 && errorCode < (ERR_SYSTEM_FLAG << 1)) {
+    if (errorCode > 0
+            && (uint64_t)errorCode < ((uint64_t)ERR_SYSTEM_FLAG << 1)) {
         lib = ERR_lib_error_string((unsigned long)errorCode);
         reason = ERR_reason_error_string((unsigned long)errorCode);
     }
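Review bot: The two `(uint64_t)` casts in the new condition carry no comment explaining why the comparison must be done in 64 bits, so a later cleanup could drop them and reintroduce the overflow on `(ERR_SYSTEM_FLAG << 1)` that the commit message describes. A one-line comment above the `if`, or a named constant for the upper bound, would record that intent. The condition also guards the two `(unsigned long)errorCode` casts in the lines that follow, so the comment could state which range of `errorCode` is meant to reach `ERR_lib_error_string()` and `ERR_reason_error_string()`.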
