The branch OpenSSL_1_1_0-stable has been updated
via 376dc4e06b4936ff0c9c53b8f53795d0b3774ab3 (commit)
from a504540fcbc779e7e2b855dccaae9e4d7156c88d (commit)
- Log -----------------------------------------------------------------
commit 376dc4e06b4936ff0c9c53b8f53795d0b3774ab3
Author: Matt Caswell <[email protected]>
Date: Mon Apr 10 17:33:29 2017 +0100
Reject decoding of an INT64 with a value >INT64_MAX
Reviewed-by: Richard Levitte <[email protected]>
Reviewed-by: Andy Polyakov <[email protected]>
(Merged from https://github.com/openssl/openssl/pull/3159)
(cherry picked from commit 0856e3f167964f58c26796331eab9d8b0a883921)
-----------------------------------------------------------------------
Summary of changes:
crypto/asn1/x_int64.c | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/crypto/asn1/x_int64.c b/crypto/asn1/x_int64.c
index e0520ff..26578b2 100644
--- a/crypto/asn1/x_int64.c
+++ b/crypto/asn1/x_int64.c
@@ -71,6 +71,11 @@ static int uint64_c2i(ASN1_VALUE **pval, const unsigned char
*cont, int len,
ASN1err(ASN1_F_UINT64_C2I, ASN1_R_ILLEGAL_NEGATIVE_VALUE);
return 0;
}
+ if ((it->size & INTxx_FLAG_SIGNED) == INTxx_FLAG_SIGNED
+ && !neg && utmp > INT64_MAX) {
+ ASN1err(ASN1_F_UINT64_C2I, ASN1_R_TOO_LARGE);
+ return 0;
+ }
memcpy(cp, &utmp, sizeof(utmp));
return 1;
}
_____
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
