mirror of
https://github.com/openssl/openssl.git
synced 2024-12-15 04:53:52 +08:00
asn1/a_int.c: fix "next negative minimum" corner case in c2i_ibuf.
"Next" refers to negative minimum "next" to one presentable by given number of bytes. For example, -128 is negative minimum presentable by one byte, and -256 is "next" one. Thanks to Kazuki Yamaguchi for report, GH#3339 Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org>
This commit is contained in:
parent
595b2a4237
commit
1e93d619b7
@ -167,10 +167,21 @@ static size_t c2i_ibuf(unsigned char *b, int *pneg,
|
|||||||
}
|
}
|
||||||
return 1;
|
return 1;
|
||||||
}
|
}
|
||||||
if (p[0] == 0 || p[0] == 0xFF)
|
|
||||||
|
pad = 0;
|
||||||
|
if (p[0] == 0) {
|
||||||
pad = 1;
|
pad = 1;
|
||||||
else
|
} else if (p[0] == 0xFF) {
|
||||||
pad = 0;
|
size_t i;
|
||||||
|
|
||||||
|
/*
|
||||||
|
* Special case [of "one less minimal negative" for given length]:
|
||||||
|
* if any other bytes non zero it was padded, otherwise not.
|
||||||
|
*/
|
||||||
|
for (pad = 0, i = 1; i < plen; i++)
|
||||||
|
pad |= p[i];
|
||||||
|
pad = pad != 0 ? 1 : 0;
|
||||||
|
}
|
||||||
/* reject illegal padding: first two octets MSB can't match */
|
/* reject illegal padding: first two octets MSB can't match */
|
||||||
if (pad && (neg == (p[1] & 0x80))) {
|
if (pad && (neg == (p[1] & 0x80))) {
|
||||||
ASN1err(ASN1_F_C2I_IBUF, ASN1_R_ILLEGAL_PADDING);
|
ASN1err(ASN1_F_C2I_IBUF, ASN1_R_ILLEGAL_PADDING);
|
||||||
|
Loading…
Reference in New Issue
Block a user