From: Bob Beck Date: Thu, 7 May 2026 21:30:03 +0000 (-0600) Subject: Correct ASN1_STRING_set() behaviour to match the documentation X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=c9d87ccc50eea86163facc5bfcca66294932e72c;p=thirdparty%2Fopenssl.git Correct ASN1_STRING_set() behaviour to match the documentation ASN1_STRING_set() has never promised to call strlen() for other negative values. Other values here likely indicate an error, such as an integer overflow. Call strlen() only if the length provided is -1. Reviewed-by: Eugene Syromiatnikov Reviewed-by: Frederik Wedel-Heinen MergeDate: Mon May 11 00:34:25 2026 (Merged from https://github.com/openssl/openssl/pull/31113) --- diff --git a/crypto/asn1/asn1_lib.c b/crypto/asn1/asn1_lib.c index 4d61dfca549..28898b49fff 100644 --- a/crypto/asn1/asn1_lib.c +++ b/crypto/asn1/asn1_lib.c @@ -289,7 +289,11 @@ int ASN1_STRING_set(ASN1_STRING *str, const void *_data, int len_in) const char *data = _data; size_t len; - if (len_in < 0) { + if (len_in < -1) { + ERR_raise(ERR_LIB_ASN1, ASN1_R_TOO_SMALL); + return 0; + } + if (len_in == -1) { if (data == NULL) return 0; len = strlen(data);
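Review bot: In the new `len_in == -1` branch, the `data == NULL` case still returns 0 without an `ERR_raise()`, while the `len_in < -1` branch added just above it does put an error on the queue. A caller that inspects the error queue after a 0 return therefore sees an error for one rejected input and nothing for the other. Consider raising there too, for example `ERR_raise(ERR_LIB_ASN1, ERR_R_PASSED_NULL_PARAMETER);` before the `return 0;`. Separately, `ASN1_R_TOO_SMALL` for `len_in < -1` is hard to interpret from the caller's side: the commit message says these values most likely come from an integer overflow, so a reason that identifies an invalid length argument would point at the real cause more directly. Since callers that passed other negative values previously got the `strlen()` path and now get a failure, the hunk would also benefit from a short comment above the `len_in < -1` check stating that -1 is the only accepted sentinel, and from a test that passes -2 and checks for the 0 return.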