Fix coverity-1604661

Coverity called out an error in asn1parse_main, indicating that the
for(;;) loop which repeatedly reads from a bio and updates the length
value num, may overflow said value prior to exiting the loop.

We could probably call this a false positive, but on very large PEM
file, I suppose it could happen, so just add a check to ensure that num
doesn't go from a large positive to a large negative value inside the
loop

Fixes openssl/private#571

Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24910)

diff --git a/apps/asn1parse.c b/apps/asn1parse.c
index bf62f8594790759a5db9e8837b4c9a4a6d9c00f5..26b7cf2173a59d3936fbb6d5534baa91fd5fa62e 100644 (file)
--- a/apps/asn1parse.c
+++ b/apps/asn1parse.c
@@ -216,6 +216,9 @@ int asn1parse_main(int argc, char **argv)
                 i = BIO_read(in, &(buf->data[num]), BUFSIZ);
                 if (i <= 0)
                     break;
+                /* make sure num doesn't overflow */
+                if (i > LONG_MAX - num)
+                    goto end;
                 num += i;
             }
         }