projects
/
openssl.git
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
|
inline
| side by side
Reject decoding of an INT64 with a value >INT64_MAX
[openssl.git]
/
crypto
/
asn1
/
x_int64.c
diff --git
a/crypto/asn1/x_int64.c
b/crypto/asn1/x_int64.c
index d180a3bb3ac08490cbbebaed3df96e81183b3a38..33e406169945f75b2178c7f216902d663a968ed9 100644
(file)
--- a/
crypto/asn1/x_int64.c
+++ b/
crypto/asn1/x_int64.c
@@
-9,8
+9,8
@@
#include <stdio.h>
#include "internal/cryptlib.h"
#include <stdio.h>
#include "internal/cryptlib.h"
-#include "internal/asn1t.h"
#include "internal/numbers.h"
#include "internal/numbers.h"
+#include <openssl/asn1t.h>
#include <openssl/bn.h>
#include "asn1_locl.h"
#include <openssl/bn.h>
#include "asn1_locl.h"
@@
-71,6
+71,11
@@
static int uint64_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len,
ASN1err(ASN1_F_UINT64_C2I, ASN1_R_ILLEGAL_NEGATIVE_VALUE);
return 0;
}
ASN1err(ASN1_F_UINT64_C2I, ASN1_R_ILLEGAL_NEGATIVE_VALUE);
return 0;
}
+ if ((it->size & INTxx_FLAG_SIGNED) == INTxx_FLAG_SIGNED
+ && !neg && utmp > INT64_MAX) {
+ ASN1err(ASN1_F_UINT64_C2I, ASN1_R_TOO_LARGE);
+ return 0;
+ }
memcpy(cp, &utmp, sizeof(utmp));
return 1;
}
memcpy(cp, &utmp, sizeof(utmp));
return 1;
}