mirror/openssl
2
0
Fork 0
mirror of https://github.com/openssl/openssl.git synced 2024-11-27 05:21:51 +08:00
Code Issues Packages Projects Releases Wiki Activity

Fix coverity-1604661

Browse Source 
Coverity called out an error in asn1parse_main, indicating that the
for(;;) loop which repeatedly reads from a bio and updates the length
value num, may overflow said value prior to exiting the loop.

We could probably call this a false positive, but on very large PEM
file, I suppose it could happen, so just add a check to ensure that num
doesn't go from a large positive to a large negative value inside the
loop

Fixes openssl/private#571

Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24910)
This commit is contained in:
Neil Horman 2024-07-16 11:38:33 -04:00 committed by Tomas Mraz
parent 0b67643ade
commit 50066236eb
1 changed files with 3 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
apps/asn1parse.c
View File

@ -216,6 +216,9 @@ int asn1parse_main(int argc, char **argv)
i = BIO_read(in, &(buf->data[num]), BUFSIZ);
if (i <= 0)
break;
/* make sure num doesn't overflow */
if (i > LONG_MAX - num)
goto end;
num += i;
}
}