From 87fd67d997b236d1202546345d18384a968c9206 Mon Sep 17 00:00:00 2001
From: Pauli
Date: Thu, 11 Nov 2021 10:45:42 +1000
Subject: [PATCH] x509: use safe maths calls for overflow detection

Reviewed-by: Tomas Mraz
(Merged from https://github.com/openssl/openssl/pull/16930)
---
 crypto/x509/v3_ncons.c | 11 +++++++----
 1 file changed, 7 insertions(+), 4 deletions(-)

diff --git a/crypto/x509/v3_ncons.c b/crypto/x509/v3_ncons.c
index 70a7e8304ed..c9e66a0f3b6 100644
--- a/crypto/x509/v3_ncons.c
+++ b/crypto/x509/v3_ncons.c
@@ -9,6 +9,7 @@
 #include "internal/cryptlib.h"
 #include "internal/numbers.h"
+#include "internal/safe_math.h"
 #include
 #include "crypto/asn1.h"
 #include
@@ -20,6 +21,8 @@
 #include "crypto/punycode.h"
 #include "ext_dat.h"
+OSSL_SAFE_MATH_SIGNED(int, int)
+
 static void *v2i_NAME_CONSTRAINTS(const X509V3_EXT_METHOD *method,
 X509V3_CTX *ctx,
 STACK_OF(CONF_VALUE) *nval);
@@ -222,16 +225,16 @@ static int print_nc_ipadd(BIO *bp, ASN1_OCTET_STRING *ip)
 static int add_lengths(int *out, int a, int b)
 {
+ int err = 0;
+
 /* sk_FOO_num(NULL) returns -1 but is effectively 0 when iterating. */
 if (a < 0)
 a = 0;
 if (b < 0)
 b = 0;
- if (a > INT_MAX - b)
- return 0;
- *out = a + b;
- return 1;
+ *out = safe_add_int(a, b, &err);
+ return !err;
 }
 /*-
--
2.47.2
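Review bot: In add_lengths the new `*out = safe_add_int(a, b, &err);` stores to `*out` even when the addition overflows, whereas the removed code returned 0 before touching it. The callers are outside this patch, so whether any of them reads the output after a failed call cannot be confirmed from here; since this length sum sits in the X.509 name-constraints code, the failure contract is worth stating explicitly. I would add a header comment such as `/* Returns 1 with *out = a + b, or 0 on int overflow, in which case *out must not be used. */`, or keep the old behaviour with `int sum = safe_add_int(a, b, &err);` followed by `if (!err) *out = sum;`.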