authorDavid Benjamin <davidben@google.com>2016-04-27 20:02:35 -0400
committerRichard Levitte <levitte@openssl.org>2016-04-29 17:01:09 +0200
commit87a8405b66e94cbfc40c44104c3b52f342a623d5 (patch)
tree7ddcc3d5b75f64123526516ee989d02aa0aa4b80 /crypto/x509/x509_cmp.c
parenta1f41284d7eb3c72096ae9cbd6a0673c0bb0d267 (diff)
Avoid overflow issues in X509_cmp.
The length is a long, so returning the difference does not quite work. Thanks to Torbjörn Granlund for noticing.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Diffstat (limited to 'crypto/x509/x509_cmp.c')
-rw-r--r--crypto/x509/x509_cmp.c7
1 files changed, 4 insertions, 3 deletions
diff --git a/crypto/x509/x509_cmp.c b/crypto/x509/x509_cmp.c
index d3b2c199b9..831cfb70f0 100644
--- a/crypto/x509/x509_cmp.c
+++ b/crypto/x509/x509_cmp.c
@@ -187,9 +187,10 @@ int X509_cmp(const X509 *a, const X509 *b)
return rv;
/* Check for match against stored encoding too */
if (!a->cert_info.enc.modified && !b->cert_info.enc.modified) {
- rv = (int)(a->cert_info.enc.len - b->cert_info.enc.len);
- if (rv)
- return rv;
+ if (a->cert_info.enc.len < b->cert_info.enc.len)
+ return -1;
+ if (a->cert_info.enc.len > b->cert_info.enc.len)
+ return 1;
return memcmp(a->cert_info.enc.enc, b->cert_info.enc.enc,
a->cert_info.enc.len);
}
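Review bot: The two new length comparisons carry no comment saying why subtraction was dropped, so a later cleanup could easily collapse them back into the truncating `(int)(a->cert_info.enc.len - b->cert_info.enc.len)`. I would add above the first `if`: `/* enc.len is a long: compare rather than subtract, an int cast of the difference can yield 0 or the wrong sign for unequal lengths */`. That matters because a truncated difference of 0 would fall through to `memcmp` with `a`'s length against a buffer of a different size. The `memcmp` call still passes the `long` length where a `size_t` is expected, which looks safe only if `enc.len` is never negative; that invariant is not visible here and may deserve a short note as well. `X509_cmp` begins before this hunk, so the checks that precede `return rv;` are not in view.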