From: Pauli Date: Wed, 26 Oct 2022 23:21:41 +0000 (+1100) Subject: Fix CVE-2022-3602 in punycode decoder. X-Git-Tag: openssl-3.2.0-alpha1~1823 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=3b421ebc64c7b52f1b9feb3812bdc7781c784332;p=thirdparty%2Fopenssl.git Fix CVE-2022-3602 in punycode decoder. An off by one error in the punycode decoder allowed for a single unsigned int overwrite of a buffer which could cause a crash and possible code execution. Reviewed-by: Matt Caswell Reviewed-by: Tomas Mraz (cherry picked from commit fe3b639dc19b325846f4f6801f2f4604f56e3de3) --- diff --git a/crypto/punycode.c b/crypto/punycode.c index f6d7ff7960e..f0796163e3e 100644 --- a/crypto/punycode.c +++ b/crypto/punycode.c @@ -181,7 +181,7 @@ int ossl_punycode_decode(const char *pEncoded, const size_t enc_len, n = n + i / (written_out + 1); i %= (written_out + 1); - if (written_out > max_out) + if (written_out >= max_out) return 0; memmove(pDecoded + i + 1, pDecoded + i,
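Review bot: The corrected bound `if (written_out >= max_out)` in ossl_punycode_decode carries no comment saying why equality has to be rejected, and the diff as shown touches only crypto/punycode.c, so no regression test pins the boundary. The memmove right after the check shifts data from `pDecoded + i` to `pDecoded + i + 1`, which means each pass needs one free slot beyond the `written_out` entries already stored. With `written_out == max_out` that slot lies past the end of the buffer, which matches the single unsigned int overwrite the commit message describes. I would add a one-line comment above the check stating that a free element is required before the insert. I would also add a test that feeds an input decoding to one code point more than `max_out` and expects the `return 0` path, next to one that decodes to exactly `max_out` code points and is accepted, so a later edit to the comparison cannot silently reintroduce the off by one.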