From: Nick Porter
Date: Mon, 23 Dec 2024 12:35:22 +0000 (+0000)
Subject: Correct limit on negative cbor decode
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=266de7381c32faec6db1339128ea35e5372d1a90;p=thirdparty%2Ffreeradius-server.git

Correct limit on negative cbor decode
---
diff --git a/src/lib/util/cbor.c b/src/lib/util/cbor.c
index ef36effa0f2..a2ac6862b1f 100644
--- a/src/lib/util/cbor.c
+++ b/src/lib/util/cbor.c
@@ -1157,8 +1157,9 @@ ssize_t fr_cbor_decode_value_box(TALLOC_CTX *ctx, fr_value_box_t *vb, fr_dbuff_t
 /*
 * Signed numbers only go down to -2^63
+ * so value must be less than 2^63
 */
- if (value > ((uint64_t) 1) << 63) goto invalid;
+ if (value >= ((uint64_t) 1) << 63) goto invalid;
 /*
 * Convert 0..(2^63-1) into -0..-(2^63-1)
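Review bot: The corrected bound on the `if (value >= ((uint64_t) 1) << 63) goto invalid;` line still asks the reader to work out a shifted constant and to remember that `<<` binds tighter than `>=`; `if (value > (uint64_t) INT64_MAX) goto invalid;` states the same limit directly. The added comment line could also say why the limit is exclusive: CBOR encodes a negative integer as -1 - value, so a value of 2^63 would mean -2^63 - 1, which int64_t cannot represent. Because this decoder parses data the caller does not control, a regression test on both sides of the boundary (2^63-1 decoding to the minimum int64_t, 2^63 rejected) would keep the off-by-one from returning; no test is visible in this commit. The conversion code that follows the second comment lies outside the hunk, so how the negation itself is done cannot be checked from here.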