From: Tomas Mraz Date: Tue, 11 Nov 2025 09:08:30 +0000 (+0100) Subject: UTF8_getc(): Fail with UTF8 values outside UNICODE_LIMIT X-Git-Tag: 3.6-PRE-CLANG-FORMAT-WEBKIT~61 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=f4074a6a265ac8622357def4fc83238547db092c;p=thirdparty%2Fopenssl.git UTF8_getc(): Fail with UTF8 values outside UNICODE_LIMIT Reported by Aniruddhan Murali Reviewed-by: Dmitry Belyavskiy Reviewed-by: Paul Dale Reviewed-by: Norbert Pocs (Merged from https://github.com/openssl/openssl/pull/29119) (cherry picked from commit 7deeeb950be7b32a2407fdc37864b23b5b8797bd) --- diff --git a/crypto/asn1/a_utf8.c b/crypto/asn1/a_utf8.c index 6572726cf1e..0a6024ffa45 100644 --- a/crypto/asn1/a_utf8.c +++ b/crypto/asn1/a_utf8.c @@ -73,7 +73,7 @@ int UTF8_getc(const unsigned char *str, int len, unsigned long *val) value |= (*p++ & 0x3f) << 12; value |= (*p++ & 0x3f) << 6; value |= *p++ & 0x3f; - if (value < 0x10000) + if (value < 0x10000 || value >= UNICODE_LIMIT) return -4; ret = 4; } else
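Review bot: the combined check `if (value < 0x10000 || value >= UNICODE_LIMIT)` in the 4-byte branch returns -4 for two different failures, a non-minimal (overlong) encoding and a decoded value at or above UNICODE_LIMIT, so callers and anyone reading logs cannot tell which one occurred. If -4 is meant to cover both, a one-line comment above the condition saying so would help, and the documented meaning of the UTF8_getc() return codes should be updated to match. The diff touches only crypto/asn1/a_utf8.c, so nothing visible here exercises the new bound. A regression test that feeds UTF8_getc() a well-formed 4-byte sequence whose decoded value is exactly UNICODE_LIMIT, and one whose value is UNICODE_LIMIT - 1, would pin down the `>=` comparison against an off-by-one in either direction. The commit message also states what is rejected but not why it matters to callers. One sentence on which consumers of `*val` assumed an in-range code point would help reviewers of the cherry-pick judge the backport.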