limit bignums to 128 bytes
authorNeil Horman <nhorman@openssl.org>
Fri, 26 Jul 2024 15:01:05 +0000 (11:01 -0400)
committerNeil Horman <nhorman@openssl.org>
Fri, 9 Aug 2024 12:28:27 +0000 (08:28 -0400)
Keep us from spinning forever doing huge amounts of math in the fuzzer

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/25013)

(cherry picked from commit f0768376e1639d12a328745ef69c90d584138074)

fuzz/bignum.c

index d7c3716aacb43b80e09a6e3e736383609c356ca1..783e915977025821380770a73743fd0eb175ed98 100644 (file)
@@ -52,11 +52,12 @@ int FuzzerTestOneInput(const uint8_t *buf, size_t len)
      */
     if (len > 2) {
         len -= 3;
-        l1 = (buf[0] * len) / 255;
+        /* limit l1, l2, and l3 to be no more than 512 bytes */
+        l1 = ((buf[0] * len) / 255) % 512;
         ++buf;
-        l2 = (buf[0] * (len - l1)) / 255;
+        l2 = ((buf[0] * (len - l1)) / 255) % 512;
         ++buf;
-        l3 = len - l1 - l2;
+        l3 = (len - l1 - l2) % 512;
 
         s1 = buf[0] & 1;
         s3 = buf[0] & 4;
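Review bot: The comment added above the `l1` assignment says "no more than 512 bytes", the commit title says 128 bytes, and `% 512` actually caps each length at 511, so the stated bound and the enforced one disagree. Because the cap is what keeps a single fuzz input from driving unbounded bignum work, it should be documented exactly, for example `/* cap l1, l2 and l3 at 511 bytes each to bound the bignum math; input beyond l1 + l2 + l3 is ignored */`. The literal 512 is also repeated on the `l1`, `l2` and `l3` lines; a single named constant used in all three would keep the limit and its comment from drifting apart again. The modulo wraps rather than clamps, so the three lengths no longer add up to `len` and a larger input can map to a shorter operand than a smaller one, which is worth stating in the comment if it is intended. FuzzerTestOneInput's body starts and ends outside this hunk.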