cuberite/polarssl
1
0
Fork 0
mirror of https://github.com/cuberite/polarssl.git synced 2025-11-03 12:11:27 -05:00
Code Issues Packages Projects Releases Wiki Activity

mbedtls_asn1_get_int: fix int overflow

Browse Source 
Fix a signed int overflow in mbedtls_asn1_get_int() for numbers
between INT_MAX+1 and UINT_MAX (typically 0x80000000..0xffffffff).
This was undefined behavior which in practice would typically have
resulted in an incorrect value, but which may plausibly also have
caused the postcondition (*p == initial<*p> + len) to be violated.

Credit to OSS-Fuzz.
This commit is contained in:
Gilles Peskine 2019-10-10 19:29:27 +02:00
parent 9fd9794d10
commit 37570e8152
1 changed files with 2 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
library/asn1parse.c
View File

@ -167,6 +167,8 @@ int mbedtls_asn1_get_int( unsigned char **p,
* the int type has no padding bit. */
if( len > sizeof( int ) )
return( MBEDTLS_ERR_ASN1_INVALID_LENGTH );
if( len == sizeof( int ) && ( **p & 0x80 ) != 0 )
return( MBEDTLS_ERR_ASN1_INVALID_LENGTH );
*val = 0;
while( len-- > 0 )