projects / openssl.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Reject decoding of an INT64 with a value >INT64_MAX
[openssl.git] / crypto / asn1 / x_int64.c
diff --git a/crypto/asn1/x_int64.c b/crypto/asn1/x_int64.c
index d180a3bb3ac08490cbbebaed3df96e81183b3a38..33e406169945f75b2178c7f216902d663a968ed9 100644 (file)
--- a/crypto/asn1/x_int64.c
+++ b/crypto/asn1/x_int64.c
@@ -9,8 +9,8 @@
 
 #include <stdio.h>
 #include "internal/cryptlib.h"
 
 #include <stdio.h>
 #include "internal/cryptlib.h"
-#include "internal/asn1t.h"
 #include "internal/numbers.h"
 #include "internal/numbers.h"
+#include <openssl/asn1t.h>
 #include <openssl/bn.h>
 #include "asn1_locl.h"
 
 #include <openssl/bn.h>
 #include "asn1_locl.h"
 
@@ -71,6 +71,11 @@ static int uint64_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len,
         ASN1err(ASN1_F_UINT64_C2I, ASN1_R_ILLEGAL_NEGATIVE_VALUE);
         return 0;
     }
         ASN1err(ASN1_F_UINT64_C2I, ASN1_R_ILLEGAL_NEGATIVE_VALUE);
         return 0;
     }
+    if ((it->size & INTxx_FLAG_SIGNED) == INTxx_FLAG_SIGNED
+            && !neg && utmp > INT64_MAX) {
+        ASN1err(ASN1_F_UINT64_C2I, ASN1_R_TOO_LARGE);
+        return 0;
+    }
     memcpy(cp, &utmp, sizeof(utmp));
     return 1;
 }
     memcpy(cp, &utmp, sizeof(utmp));
     return 1;
 }
Unnamed repository; edit this file 'description' to name the repository.