54 lines
1.7 KiB
Diff
54 lines
1.7 KiB
Diff
From 61b0fead5e6079ca826594df5b9ca00e65883cb0 Mon Sep 17 00:00:00 2001
|
|
From: Matt Caswell <matt@openssl.org>
|
|
Date: Thu, 19 Nov 2020 13:58:21 +0000
|
|
Subject: [PATCH] Don't Overflow when printing Thawte Strong Extranet Version
|
|
|
|
When printing human readable info on the Thawte Strong Extranet extension
|
|
the version number could overflow if the version number == LONG_MAX. This
|
|
is undefined behaviour.
|
|
|
|
Issue found by OSSFuzz.
|
|
|
|
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
|
|
(Merged from https://github.com/openssl/openssl/pull/13452)
|
|
---
|
|
crypto/x509v3/v3_sxnet.c | 18 +++++++++++++++---
|
|
1 files changed, 15 insertions(+), 3 deletions(-)
|
|
|
|
diff --git a/crypto/x509v3/v3_sxnet.c b/crypto/x509v3/v3_sxnet.c
|
|
index 76f5eafc73..6e2b796a38 100644
|
|
--- a/crypto/x509v3/v3_sxnet.c
|
|
+++ b/crypto/x509v3/v3_sxnet.c
|
|
@@ -57,12 +57,24 @@ IMPLEMENT_ASN1_FUNCTIONS(SXNET)
|
|
static int sxnet_i2r(X509V3_EXT_METHOD *method, SXNET *sx, BIO *out,
|
|
int indent)
|
|
{
|
|
- long v;
|
|
+ int64_t v;
|
|
char *tmp;
|
|
SXNETID *id;
|
|
int i;
|
|
- v = ASN1_INTEGER_get(sx->version);
|
|
- BIO_printf(out, "%*sVersion: %ld (0x%lX)", indent, "", v + 1, v);
|
|
+
|
|
+ /*
|
|
+ * Since we add 1 to the version number to display it, we don't support
|
|
+ * LONG_MAX since that would cause on overflow.
|
|
+ */
|
|
+ if (!ASN1_INTEGER_get_int64(&v, sx->version)
|
|
+ || v >= LONG_MAX
|
|
+ || v < LONG_MIN) {
|
|
+ BIO_printf(out, "%*sVersion: <unsupported>", indent, "");
|
|
+ } else {
|
|
+ long vl = (long)v;
|
|
+
|
|
+ BIO_printf(out, "%*sVersion: %ld (0x%lX)", indent, "", vl + 1, vl);
|
|
+ }
|
|
for (i = 0; i < sk_SXNETID_num(sx->ids); i++) {
|
|
id = sk_SXNETID_value(sx->ids, i);
|
|
tmp = i2s_ASN1_INTEGER(NULL, id->zone);
|
|
|
|
--
|
|
2.23.0
|
|
|