The expression items[JWE_ELT_JOSE].length << 3 performs the shift on an
unsigned int (32-bit) before being cast to uint64_t instead of after.
This means that we don't cover for a possible overflow (which would
never happen as it would need a header length beyond 512MB). At least
fixing it will avoid code check reports.
int retval = 1;
const EVP_MD *hash = NULL;
int mac_key_len = 0;
- uint64_t aad_len = my_htonll(items[JWE_ELT_JOSE].length << 3);
+ uint64_t aad_len = my_htonll((uint64_t)items[JWE_ELT_JOSE].length << 3);
struct buffer *tag_data = alloc_trash_chunk();
struct buffer *hmac = alloc_trash_chunk();
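Review bot: On the added `aad_len` line, the fix depends on the cast binding tighter than `<<`, so the widening to 64 bits happens before the shift. That is correct, but at a glance it can be misread as casting the already shifted 32-bit result, which is the exact defect being fixed. Consider making the order explicit with `((uint64_t)items[JWE_ELT_JOSE].length) << 3`, or add a one-line comment above the declaration saying the length is widened first and then multiplied by 8, so a later cleanup does not move the cast back outside the shift.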