mirror/openssl
2
0
Fork 0
mirror of https://github.com/openssl/openssl.git synced 2025-01-18 13:44:20 +08:00
Code Issues Packages Projects Releases Wiki Activity

x509: use safe maths calls for overflow detection

Browse Source 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16930)
This commit is contained in:
Pauli 2021-11-11 10:45:42 +10:00
parent d362db7cd1
commit 87fd67d997
1 changed files with 7 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
crypto/x509/v3_ncons.c
View File

@ -9,6 +9,7 @@
#include "internal/cryptlib.h"
#include "internal/numbers.h"
#include "internal/safe_math.h"
#include <stdio.h>
#include "crypto/asn1.h"
#include <openssl/asn1t.h>
@ -20,6 +21,8 @@
#include "crypto/punycode.h"
#include "ext_dat.h"
OSSL_SAFE_MATH_SIGNED(int, int)
static void *v2i_NAME_CONSTRAINTS(const X509V3_EXT_METHOD *method,
X509V3_CTX *ctx,
STACK_OF(CONF_VALUE) *nval);
@ -222,16 +225,16 @@ static int print_nc_ipadd(BIO *bp, ASN1_OCTET_STRING *ip)
static int add_lengths(int *out, int a, int b)
{
int err = 0;
/* sk_FOO_num(NULL) returns -1 but is effectively 0 when iterating. */
if (a < 0)
a = 0;
if (b < 0)
b = 0;
if (a > INT_MAX - b)
return 0;
*out = a + b;
return 1;
*out = safe_add_int(a, b, &err);
return !err;
}
/*-