From: Eugene Syromiatnikov Date: Tue, 23 Jun 2026 08:06:04 +0000 (+0200) Subject: include/internal/hashtable.h: avoid OOB read in ossl_ht_strcase() X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=029d629db23e95c6e827d09dae89ee8b4b54f3e2;p=thirdparty%2Fopenssl.git include/internal/hashtable.h: avoid OOB read in ossl_ht_strcase() Avoid accessing src[len] by swapping the check order and bound check the iterator variable before the access. Found by cppcheck. Fixes: cc4ea5e00028 "Introduce new internal hashtable implementation" Signed-off-by: Eugene Syromiatnikov Reviewed-by: Nikola Pajkovsky Reviewed-by: Neil Horman Reviewed-by: Paul Dale MergeDate: Wed Jun 24 13:09:25 2026 (Merged from https://github.com/openssl/openssl/pull/31663) --- diff --git a/include/internal/hashtable.h b/include/internal/hashtable.h index 7c4150ba288..9aad6530974 100644 --- a/include/internal/hashtable.h +++ b/include/internal/hashtable.h @@ -357,7 +357,7 @@ static ossl_inline ossl_unused void ossl_ht_strcase(HT_KEY *key, char *tgt, cons if (key != NULL && key->keysize + len > key->bufsize) len = (size_t)(key->bufsize - key->keysize); - for (i = 0; src[i] != '\0' && i < len; i++) + for (i = 0; i < len && src[i] != '\0'; i++) tgt[i] = case_adjust & src[i]; }
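Review bot: In the unchanged clamp just above the reordered `for` loop, `len = (size_t)(key->bufsize - key->keysize);` is only safe if `key->keysize <= key->bufsize` already holds. The loop now relies entirely on `len` to bound both the read of `src[i]` and the write to `tgt[i]`. If `keysize` could ever exceed `bufsize`, the guard `key->keysize + len > key->bufsize` would still be true and the subtraction would produce a very large `len` after the cast, so the new `i < len` check would not bound anything. Consider asserting or documenting that invariant next to the clamp. It would also help to note in a comment that `src` need not be NUL-terminated within `len` bytes, and that when `key` is NULL the caller's `len` is trusted as-is, since that is the contract this reordering makes correct. The swap itself, `i < len && src[i] != '\0'`, reads correctly: the index is tested before the dereference.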