wbrawner/openssl
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Fix faulty check of padding in x_long.c

Browse source 
Bug uncovered by test

[extended tests]

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3088)
This commit is contained in:
Richard Levitte 2017-03-31 21:31:43 +02:00
parent 8ac6a53100
commit 79b3452faf
1 changed files with 5 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

7
crypto/asn1/x_long.c
View file

@ -110,7 +110,7 @@ static int long_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len,
unsigned long utmp = 0;
char *cp = (char *)pval;
if (len) {
if (len > 1) {
/*
* Check possible pad byte. Worst case, we're skipping past actual
* content, but since that's only with 0x00 and 0xff and we set neg
@ -120,7 +120,7 @@ static int long_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len,
case 0xff:
cont++;
len--;
neg = 1;
neg = 0x80;
break;
case 0:
cont++;
@ -139,6 +139,9 @@ static int long_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len,
neg = 1;
else
neg = 0;
} else if (neg == (cont[0] & 0x80)) {
ASN1err(ASN1_F_LONG_C2I, ASN1_R_ILLEGAL_PADDING);
return 0;
}
utmp = 0;
for (i = 0; i < len; i++) {