Correct limit on negative cbor decode

author Nick Porter <nick@portercomputing.co.uk>

Mon, 23 Dec 2024 12:35:22 +0000 (12:35 +0000)

committer Nick Porter <nick@portercomputing.co.uk>

Mon, 23 Dec 2024 12:35:22 +0000 (12:35 +0000)
author Nick Porter <nick@portercomputing.co.uk>
Mon, 23 Dec 2024 12:35:22 +0000 (12:35 +0000)
committer Nick Porter <nick@portercomputing.co.uk>
Mon, 23 Dec 2024 12:35:22 +0000 (12:35 +0000)
diff --git a/src/lib/util/cbor.c b/src/lib/util/cbor.c

index ef36effa0f2315d21f29938023152dced61e9336..a2ac6862b1f465865febc29f56e471e258aea1b5 100644 (file)
--- a/src/lib/util/cbor.c
+++ b/src/lib/util/cbor.c
@@ -1157,8 +1157,9 @@ ssize_t fr_cbor_decode_value_box(TALLOC_CTX *ctx, fr_value_box_t *vb, fr_dbuff_t
  
                 /*
                  *      Signed numbers only go down to -2^63
+                *      so value must be less than 2^63
                  */
-               if (value > ((uint64_t) 1) << 63) goto invalid;
+               if (value >= ((uint64_t) 1) << 63) goto invalid;
  
                 /*
                  *      Convert 0..(2^63-1) into -0..-(2^63-1)
author	Nick Porter <nick@portercomputing.co.uk>
	Mon, 23 Dec 2024 12:35:22 +0000 (12:35 +0000)
committer	Nick Porter <nick@portercomputing.co.uk>
	Mon, 23 Dec 2024 12:35:22 +0000 (12:35 +0000)