]> git.ipfire.org Git - thirdparty/openssl.git/commit
projects / thirdparty / openssl.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 876188d) | patch
crypto/rand/randfile.c: avoid signed integer overflow in RAND_load_file
authorEugene Syromiatnikov <esyr@openssl.org>
Fri, 29 Aug 2025 08:02:39 +0000 (10:02 +0200)
committerTomas Mraz <tomas@openssl.org>
Tue, 9 Sep 2025 18:21:41 +0000 (20:21 +0200)
commit35db6a15d436aa4d981ebcd581eded55fc8c8fb6
tree4efa545e446ac23bf8dbe8efa9380301f9f91d55tree | snapshot
parent876188d8a308babf1d24f27f5a838bca044d1d32commit | diff
crypto/rand/randfile.c: avoid signed integer overflow in RAND_load_file

If a file supplied to RAND_load_file is too big (more than INT_MAX bytes),
it is possible to trigger a signer integer overflow during ret calculation.
Avoid it by returning early when we are about to hit it on the next
iteration.

Reported-by: Liu-Ermeng <liuermeng2@huawei.com>
Resolves: https://github.com/openssl/openssl/issues/28375
Signed-off-by: Eugene Syromiatnikov <esyr@openssl.org>
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Saša Nedvědický <sashan@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28379)
crypto/rand/randfile.c diff | blob | blame | history
doc/man3/RAND_load_file.pod diff | blob | blame | history
Mirror of https://github.com/openssl/openssl.git