diff options
author | Matt Caswell <matt@openssl.org> | 2017-03-27 16:11:11 +0100 |
---|---|---|
committer | Richard Levitte <levitte@openssl.org> | 2017-04-04 11:29:23 +0200 |
commit | 8ac6a53100bd6730a8824968ec25dccc727c29c9 (patch) | |
tree | 6e0458d6abccc5131e6d0e3ab19fe1188350603b /crypto/asn1/x_long.c | |
parent | 37332ecc010276b899810aa3ac26885bd9dcb57c (diff) | |
download | openssl-8ac6a53100bd6730a8824968ec25dccc727c29c9.tar.gz |
Fix a possible integer overflow in long_c2i
Credit to OSS-Fuzz for finding this.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3088)
Diffstat (limited to 'crypto/asn1/x_long.c')
-rw-r--r-- | crypto/asn1/x_long.c | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/crypto/asn1/x_long.c b/crypto/asn1/x_long.c index 233725f8ff..615d24df08 100644 --- a/crypto/asn1/x_long.c +++ b/crypto/asn1/x_long.c @@ -149,6 +149,10 @@ static int long_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len, utmp |= cont[i]; } ltmp = (long)utmp; + if (ltmp < 0) { + ASN1err(ASN1_F_LONG_C2I, ASN1_R_INTEGER_TOO_LARGE_FOR_LONG); + return 0; + } if (neg) { ltmp = -ltmp; ltmp--; |