From: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Date: Sat, 5 Sep 2020 21:35:49 +0000 (+1200)
Subject: utils/asn1: avoid undefined behaviour warning
X-Git-Tag: talloc-2.3.2~557
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=ed9abf94b3167a1a61b5da163e9b07b06c8a457b;p=thirdparty%2Fsamba.git

utils/asn1: avoid undefined behaviour warning

UBSAN does not like an int >= 1<<24 being shifted left.
We check the overflow in the very next line.

Credit to OSS-Fuzz.

REF: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=25436

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Fri Sep 11 05:05:59 UTC 2020 on sn-devel-184
---

diff --git a/lib/util/asn1.c b/lib/util/asn1.c
index 6b1b4bc2877..9ab9e1b0844 100644
--- a/lib/util/asn1.c
+++ b/lib/util/asn1.c
@@ -1071,7 +1071,11 @@ bool asn1_read_enumerated(struct asn1_data *data, int *v)
 			data->has_error = true;
 			return false;
 		}
-		*v = (*v << 8) + b;
+		/*
+		 * To please/fool the Undefined Behaviour Sanitizer we cast to
+		 * unsigned for the left shift.
+		 */
+		*v = ((unsigned int)*v << 8) + b;
 		if (*v < 0) {
 			/* ASN1_ENUMERATED can't be -ve. */
 			data->has_error = true;