wbrawner/openssl
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

ASN.1 DER: Make INT32 / INT64 types read badly encoded LONG zeroes

Browse source 
The deprecated ASN.1 type LONG / ZLONG (incorrectly) produced zero
length INTEGER encoding for zeroes.  For the sake of backward
compatibility, we allow those to be read without fault when using the
replacement types INT32 / UINT32 / INT64 / UINT64.

Fixes #7134

Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7144)
This commit is contained in:
Richard Levitte 2018-09-06 22:09:11 +02:00
parent c2278c8bc4
commit ca89174bc9
1 changed files with 24 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

24
crypto/asn1/x_int64.c
View file

@ -81,6 +81,16 @@ static int uint64_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len,
return 0;
cp = (char *)*pval;
/*
* Strictly speaking, zero length is malformed. However, long_c2i
* (x_long.c) encodes 0 as a zero length INTEGER (wrongly, of course),
* so for the sake of backward compatibility, we still decode zero
* length INTEGERs as the number zero.
*/
if (len == 0)
goto long_compat;
if (!c2i_uint64_int(&utmp, &neg, &cont, len))
return 0;
if ((it->size & INTxx_FLAG_SIGNED) == 0 && neg) {
@ -95,6 +105,8 @@ static int uint64_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len,
if (neg)
/* c2i_uint64_int() returns positive values */
utmp = 0 - utmp;
long_compat:
memcpy(cp, &utmp, sizeof(utmp));
return 1;
}
@ -172,6 +184,16 @@ static int uint32_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len,
return 0;
cp = (char *)*pval;
/*
* Strictly speaking, zero length is malformed. However, long_c2i
* (x_long.c) encodes 0 as a zero length INTEGER (wrongly, of course),
* so for the sake of backward compatibility, we still decode zero
* length INTEGERs as the number zero.
*/
if (len == 0)
goto long_compat;
if (!c2i_uint64_int(&utmp, &neg, &cont, len))
return 0;
if ((it->size & INTxx_FLAG_SIGNED) == 0 && neg) {
@ -191,6 +213,8 @@ static int uint32_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len,
return 0;
}
}
long_compat:
utmp2 = (uint32_t)utmp;
memcpy(cp, &utmp2, sizeof(utmp2));
return 1;