ossl_i2c_ASN1_BIT_STRING(): Fix a possible heap buffer overflow

When data contains only zero values a buffer overflow happens.

CLA: trivial

Signed-off-by: Andrey Tsygunka <aitsygunka@yandex.ru>

Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26190)
Andrey Tsygunka 2024-11-26 10:53:31 +03:00 committed by Tomas Mraz
parent 53b34561b5
commit bf2dea0e2c


@ -36,25 +36,30 @@ int ossl_i2c_ASN1_BIT_STRING(ASN1_BIT_STRING *a, unsigned char **pp)
if (a->data[len - 1]) if (a->data[len - 1])
break; break;
} }
j = a->data[len - 1];
if (j & 0x01) if (len == 0) {
bits = 0; bits = 0;
else if (j & 0x02) } else {
bits = 1; j = a->data[len - 1];
else if (j & 0x04) if (j & 0x01)
bits = 2; bits = 0;
else if (j & 0x08) else if (j & 0x02)
bits = 3; bits = 1;
else if (j & 0x10) else if (j & 0x04)
bits = 4; bits = 2;
else if (j & 0x20) else if (j & 0x08)
bits = 5; bits = 3;
else if (j & 0x40) else if (j & 0x10)
bits = 6; bits = 4;
else if (j & 0x80) else if (j & 0x20)
bits = 7; bits = 5;
else else if (j & 0x40)
bits = 0; /* should not happen */ bits = 6;
else if (j & 0x80)
bits = 7;
else
bits = 0; /* should not happen */
}
} }
} else } else
bits = 0; bits = 0;
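Review bot: The new `if (len == 0)` branch carries no comment explaining why it exists, and the reason is not obvious from the surrounding lines. The trimming loop whose tail is visible at the top of the hunk appears able to reduce `len` to zero when every byte of `a->data` is zero, after which the old `j = a->data[len - 1]` read one byte before the start of the buffer. I would put `/* all-zero data: len was trimmed to 0, so a->data[len - 1] would index before the buffer */` above the first `bits = 0;`. Inside the new `else` the loop has already stopped on a non-zero byte, so the trailing `else bits = 0; /* should not happen */` looks unreachable and its comment could say that. The function starts before and continues after this hunk, so the later uses of `len` (not visible here) should be confirmed to handle zero, and a regression test that encodes an all-zero BIT STRING under a memory sanitizer would keep the out-of-bounds read from coming back.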