From: mlitre <martinlitre@mac.com>
Date: Mon, 1 May 2023 09:07:21 +0000 (+0200)
Subject: Add negative integer check when using ASN1_BIT_STRING
X-Git-Tag: OpenSSL_1_1_1u~9
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=8ddacec11481a37302c19f4454e23299af399f83;p=thirdparty%2Fopenssl.git

Add negative integer check when using ASN1_BIT_STRING

The negative integer check is done to prevent potential overflow.
Fixes #20719.

CLA: trivial

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20862)

(cherry picked from commit 1258a8e4361320cd3cfaf9ede692492ce01034c8)
---

diff --git a/crypto/asn1/a_bitstr.c b/crypto/asn1/a_bitstr.c
index f462dd10736..31a1e11359c 100644
--- a/crypto/asn1/a_bitstr.c
+++ b/crypto/asn1/a_bitstr.c
@@ -148,6 +148,9 @@ int ASN1_BIT_STRING_set_bit(ASN1_BIT_STRING *a, int n, int value)
     int w, v, iv;
     unsigned char *c;
 
+    if (n < 0)
+        return 0;
+
     w = n / 8;
     v = 1 << (7 - (n & 0x07));
     iv = ~v;
@@ -182,6 +185,9 @@ int ASN1_BIT_STRING_get_bit(const ASN1_BIT_STRING *a, int n)
 {
     int w, v;
 
+    if (n < 0)
+        return 0;
+
     w = n / 8;
     v = 1 << (7 - (n & 0x07));
     if ((a == NULL) || (a->length < (w + 1)) || (a->data == NULL))