mirror/openssl
2
0
Fork 0
mirror of https://github.com/openssl/openssl.git synced 2025-03-01 19:28:10 +08:00
Code Issues Packages Projects Releases Wiki Activity

Don't Overflow when printing Thawte Strong Extranet Version

Browse Source 
When printing human readable info on the Thawte Strong Extranet extension
the version number could overflow if the version number == LONG_MAX. This
is undefined behaviour.

Issue found by OSSFuzz.

Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/13452)
This commit is contained in:
Matt Caswell 2020-11-19 13:58:21 +00:00
parent 89cccbea51
commit 61b0fead5e
2 changed files with 15 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
crypto/x509/v3_sxnet.c
View File

@ -57,12 +57,24 @@ IMPLEMENT_ASN1_FUNCTIONS(SXNET)
static int sxnet_i2r(X509V3_EXT_METHOD *method, SXNET *sx, BIO *out,
int indent)
{
long v;
int64_t v;
char *tmp;
SXNETID *id;
int i;
v = ASN1_INTEGER_get(sx->version);
BIO_printf(out, "%*sVersion: %ld (0x%lX)", indent, "", v + 1, v);
/*
* Since we add 1 to the version number to display it, we don't support
* LONG_MAX since that would cause on overflow.
*/
if (!ASN1_INTEGER_get_int64(&v, sx->version)
|| v >= LONG_MAX
|| v < LONG_MIN) {
BIO_printf(out, "%*sVersion: <unsupported>", indent, "");
} else {
long vl = (long)v;
BIO_printf(out, "%*sVersion: %ld (0x%lX)", indent, "", vl + 1, vl);
}
for (i = 0; i < sk_SXNETID_num(sx->ids); i++) {
id = sk_SXNETID_value(sx->ids, i);
tmp = i2s_ASN1_INTEGER(NULL, id->zone);

BIN
fuzz/corpora/crl/4d72381f46c50eb9cabd8aa27f456962bf013b28 Normal file
View File

Binary file not shown.