From: Drokov Pavel <drokov@rutoken.ru>
Date: Fri, 12 Jan 2024 07:10:17 +0000 (-0500)
Subject: Fix arithmetic expression overflow
X-Git-Tag: openssl-3.0.13~18
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=11f7b60b6ff4d2186f83fbe05f3ffbdebaa8572b;p=thirdparty%2Fopenssl.git

Fix arithmetic expression overflow

If the value of a->length is large (>= 2^12), then an integer overflow will
occur for the signed type, which according to the C standard is UB.

CLA: trivial

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23274)

(cherry picked from commit 486ab0fb003d05f89620662260486d31bd3faa8c)
---

diff --git a/crypto/objects/obj_dat.c b/crypto/objects/obj_dat.c
index 85d30eb58ae..d7e55d0e06b 100644
--- a/crypto/objects/obj_dat.c
+++ b/crypto/objects/obj_dat.c
@@ -62,7 +62,7 @@ static unsigned long added_obj_hash(const ADDED_OBJ *ca)
     a = ca->obj;
     switch (ca->type) {
     case ADDED_DATA:
-        ret = a->length << 20L;
+        ret = (unsigned long)a->length << 20UL;
         p = (unsigned char *)a->data;
         for (i = 0; i < a->length; i++)
             ret ^= p[i] << ((i * 3) % 24);