]> git.ipfire.org Git - thirdparty/openssl.git/commitdiff
projects / thirdparty / openssl.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 03ba56f)
Backport a missing bug-fix from master
authorBernd Edlinger <bernd.edlinger@hotmail.de>
Thu, 19 May 2022 13:50:28 +0000 (15:50 +0200)
committerBernd Edlinger <bernd.edlinger@hotmail.de>
Sat, 21 May 2022 03:57:34 +0000 (05:57 +0200)
This is a backport of the following commit from master:

commit 61b0fead5e6079ca826594df5b9ca00e65883cb0
Author: Matt Caswell <matt@openssl.org>
Date:   Thu Nov 19 13:58:21 2020 +0000

    Don't Overflow when printing Thawte Strong Extranet Version

    When printing human readable info on the Thawte Strong Extranet extension
    the version number could overflow if the version number == LONG_MAX. This
    is undefined behaviour.

    Issue found by OSSFuzz.

Reviewed-by: Ben Kaduk <kaduk@mit.edu>
    (Merged from https://github.com/openssl/openssl/pull/13452)

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18347)

crypto/x509v3/v3_sxnet.c patch | blob | blame | history
fuzz/corpora/crl/4d72381f46c50eb9cabd8aa27f456962bf013b28 [new file with mode: 0644] patch | blob

diff --git a/crypto/x509v3/v3_sxnet.c b/crypto/x509v3/v3_sxnet.c
index 89cda01be2a530f24a85737c3964fecc41dd67dc..0648553ae371cdd72e03fbfdbaadc09119b76d3a 100644 (file)
--- a/crypto/x509v3/v3_sxnet.c
+++ b/crypto/x509v3/v3_sxnet.c
@@ -57,12 +57,24 @@ IMPLEMENT_ASN1_FUNCTIONS(SXNET)
 static int sxnet_i2r(X509V3_EXT_METHOD *method, SXNET *sx, BIO *out,
                      int indent)
 {
-    long v;
+    int64_t v;
     char *tmp;
     SXNETID *id;
     int i;
-    v = ASN1_INTEGER_get(sx->version);
-    BIO_printf(out, "%*sVersion: %ld (0x%lX)", indent, "", v + 1, v);
+
+    /*
+     * Since we add 1 to the version number to display it, we don't support
+     * LONG_MAX since that would cause on overflow.
+     */
+    if (!ASN1_INTEGER_get_int64(&v, sx->version)
+            || v >= LONG_MAX
+            || v < LONG_MIN) {
+        BIO_printf(out, "%*sVersion: <unsupported>", indent, "");
+    } else {
+        long vl = (long)v;
+
+        BIO_printf(out, "%*sVersion: %ld (0x%lX)", indent, "", vl + 1, vl);
+    }
     for (i = 0; i < sk_SXNETID_num(sx->ids); i++) {
         id = sk_SXNETID_value(sx->ids, i);
         tmp = i2s_ASN1_INTEGER(NULL, id->zone);
diff --git a/fuzz/corpora/crl/4d72381f46c50eb9cabd8aa27f456962bf013b28 b/fuzz/corpora/crl/4d72381f46c50eb9cabd8aa27f456962bf013b28
new file mode 100644 (file)
index 0000000..dde1c66
Binary files /dev/null and b/fuzz/corpora/crl/4d72381f46c50eb9cabd8aa27f456962bf013b28 differ
Mirror of https://github.com/openssl/openssl.git