]> git.ipfire.org Git - thirdparty/openssl.git/commitdiff
projects / thirdparty / openssl.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 53b3456)
ossl_i2c_ASN1_BIT_STRING(): Fix a possible heap buffer overflow
authorAndrey Tsygunka <aitsygunka@yandex.ru>
Tue, 26 Nov 2024 07:53:31 +0000 (10:53 +0300)
committerTomas Mraz <tomas@openssl.org>
Fri, 20 Dec 2024 08:47:34 +0000 (09:47 +0100)
When data contains only zero values a buffer overflow happens.

CLA: trivial

Signed-off-by: Andrey Tsygunka <aitsygunka@yandex.ru>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26190)

crypto/asn1/a_bitstr.c patch | blob | blame | history

diff --git a/crypto/asn1/a_bitstr.c b/crypto/asn1/a_bitstr.c
index d3940706322412f406f36ebcf5da63b6eaf939ec..a87cb15b44d4b9aded64756cbfb129f18769f420 100644 (file)
--- a/crypto/asn1/a_bitstr.c
+++ b/crypto/asn1/a_bitstr.c
@@ -36,25 +36,30 @@ int ossl_i2c_ASN1_BIT_STRING(ASN1_BIT_STRING *a, unsigned char **pp)
                 if (a->data[len - 1])
                     break;
             }
-            j = a->data[len - 1];
-            if (j & 0x01)
+
+            if (len == 0) {
                 bits = 0;
-            else if (j & 0x02)
-                bits = 1;
-            else if (j & 0x04)
-                bits = 2;
-            else if (j & 0x08)
-                bits = 3;
-            else if (j & 0x10)
-                bits = 4;
-            else if (j & 0x20)
-                bits = 5;
-            else if (j & 0x40)
-                bits = 6;
-            else if (j & 0x80)
-                bits = 7;
-            else
-                bits = 0;       /* should not happen */
+            } else {
+                j = a->data[len - 1];
+                if (j & 0x01)
+                    bits = 0;
+                else if (j & 0x02)
+                    bits = 1;
+                else if (j & 0x04)
+                    bits = 2;
+                else if (j & 0x08)
+                    bits = 3;
+                else if (j & 0x10)
+                    bits = 4;
+                else if (j & 0x20)
+                    bits = 5;
+                else if (j & 0x40)
+                    bits = 6;
+                else if (j & 0x80)
+                    bits = 7;
+                else
+                    bits = 0;       /* should not happen */
+            }
         }
     } else
         bits = 0;
Mirror of https://github.com/openssl/openssl.git