30 lines
1001 B
Diff
30 lines
1001 B
Diff
From 277d75633d8008cde468d026694289ca32f2cb6d Mon Sep 17 00:00:00 2001
|
|
From: Bart Van Assche <bvanassche@acm.org>
|
|
Date: Thu, 26 Aug 2021 10:17:11 -0700
|
|
Subject: [PATCH] libsnmp: Fix undefined behavior in asn_build_int()
|
|
|
|
According to the C standard, triggering an overflow by shifting a signed
|
|
integer results in undefined behavior. Fix this by inserting a cast.
|
|
|
|
Fixes: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=37579
|
|
---
|
|
snmplib/asn1.c | 2 +-
|
|
1 file changed, 1 insertion(+), 1 deletion(-)
|
|
|
|
diff --git a/snmplib/asn1.c b/snmplib/asn1.c
|
|
index d5d7eb6..959ae21 100644
|
|
--- a/snmplib/asn1.c
|
|
+++ b/snmplib/asn1.c
|
|
@@ -784,7 +784,7 @@ asn_build_int(u_char * data,
|
|
*/
|
|
while (intsize--) {
|
|
*data++ = (u_char) ((integer & mask) >> (8 * (sizeof(long) - 1)));
|
|
- integer <<= 8;
|
|
+ integer = (u_long)integer << 8;
|
|
}
|
|
DEBUGDUMPSETUP("send", initdatap, data - initdatap);
|
|
DEBUGMSG(("dumpv_send", " Integer:\t%ld (0x%.2lX)\n", *intp, *intp));
|
|
--
|
|
1.8.3.1
|
|
|