mirror/openssl
2
0
Fork 0
mirror of https://github.com/openssl/openssl.git synced 2025-02-11 14:22:43 +08:00
Code Issues Packages Projects Releases Wiki Activity

ossl_i2c_ASN1_BIT_STRING(): Fix a possible heap buffer overflow

Browse Source 
When data contains only zero values a buffer overflow happens.

CLA: trivial

Signed-off-by: Andrey Tsygunka <aitsygunka@yandex.ru>

Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26190)
This commit is contained in:
Andrey Tsygunka 2024-11-26 10:53:31 +03:00 committed by Tomas Mraz
parent 53b34561b5
commit bf2dea0e2c
1 changed files with 23 additions and 18 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

41
crypto/asn1/a_bitstr.c
View File

@ -36,25 +36,30 @@ int ossl_i2c_ASN1_BIT_STRING(ASN1_BIT_STRING *a, unsigned char **pp)
if (a->data[len - 1])
break;
}
j = a->data[len - 1];
if (j & 0x01)
if (len == 0) {
bits = 0;
else if (j & 0x02)
bits = 1;
else if (j & 0x04)
bits = 2;
else if (j & 0x08)
bits = 3;
else if (j & 0x10)
bits = 4;
else if (j & 0x20)
bits = 5;
else if (j & 0x40)
bits = 6;
else if (j & 0x80)
bits = 7;
else
bits = 0; /* should not happen */
} else {
j = a->data[len - 1];
if (j & 0x01)
bits = 0;
else if (j & 0x02)
bits = 1;
else if (j & 0x04)
bits = 2;
else if (j & 0x08)
bits = 3;
else if (j & 0x10)
bits = 4;
else if (j & 0x20)
bits = 5;
else if (j & 0x40)
bits = 6;
else if (j & 0x80)
bits = 7;
else
bits = 0; /* should not happen */
}
}
} else
bits = 0;