Fix a possible integer overflow in long_c2i

Credit to OSS-Fuzz for finding this. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3088)
author: Matt Caswell <matt@openssl.org> 2017-03-27 16:11:11 +0100
committer: Richard Levitte <levitte@openssl.org> 2017-04-04 11:29:23 +0200
commit: 8ac6a53100bd6730a8824968ec25dccc727c29c9 (patch)
tree: 6e0458d6abccc5131e6d0e3ab19fe1188350603b /crypto/asn1/x_long.c
parent: 37332ecc010276b899810aa3ac26885bd9dcb57c (diff)
download: openssl-8ac6a53100bd6730a8824968ec25dccc727c29c9.tar.gz
1 files changed, 4 insertions, 0 deletions
diff --git a/crypto/asn1/x_long.c b/crypto/asn1/x_long.c
index 233725f8ff..615d24df08 100644
--- a/crypto/asn1/x_long.c
+++ b/crypto/asn1/x_long.c
@@ -149,6 +149,10 @@ static int long_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len,
             utmp |= cont[i];
     }
     ltmp = (long)utmp;
+    if (ltmp < 0) {
+        ASN1err(ASN1_F_LONG_C2I, ASN1_R_INTEGER_TOO_LARGE_FOR_LONG);
+        return 0;
+    }
     if (neg) {
         ltmp = -ltmp;
         ltmp--;
author	Matt Caswell <matt@openssl.org>	2017-03-27 16:11:11 +0100
committer	Richard Levitte <levitte@openssl.org>	2017-04-04 11:29:23 +0200
commit	8ac6a53100bd6730a8824968ec25dccc727c29c9 (patch)
tree	6e0458d6abccc5131e6d0e3ab19fe1188350603b /crypto/asn1/x_long.c
parent	37332ecc010276b899810aa3ac26885bd9dcb57c (diff)
download	openssl-8ac6a53100bd6730a8824968ec25dccc727c29c9.tar.gz