x509: use safe maths calls for overflow detection
authorPauli <pauli@openssl.org>
Thu, 11 Nov 2021 00:45:42 +0000 (10:45 +1000)
committerPauli <pauli@openssl.org>
Fri, 12 Nov 2021 09:49:47 +0000 (19:49 +1000)
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16930)

crypto/x509/v3_ncons.c

index 70a7e8304edb3d54cba0285b9b5b6fc2f3ba7322..c9e66a0f3b6844e78607d704bf28c5f1ed4e8f7b 100644 (file)
@@ -9,6 +9,7 @@
 
 #include "internal/cryptlib.h"
 #include "internal/numbers.h"
+#include "internal/safe_math.h"
 #include <stdio.h>
 #include "crypto/asn1.h"
 #include <openssl/asn1t.h>
@@ -20,6 +21,8 @@
 #include "crypto/punycode.h"
 #include "ext_dat.h"
 
+OSSL_SAFE_MATH_SIGNED(int, int)
+
 static void *v2i_NAME_CONSTRAINTS(const X509V3_EXT_METHOD *method,
                                   X509V3_CTX *ctx,
                                   STACK_OF(CONF_VALUE) *nval);
@@ -222,16 +225,16 @@ static int print_nc_ipadd(BIO *bp, ASN1_OCTET_STRING *ip)
 
 static int add_lengths(int *out, int a, int b)
 {
+    int err = 0;
+
     /* sk_FOO_num(NULL) returns -1 but is effectively 0 when iterating. */
     if (a < 0)
         a = 0;
     if (b < 0)
         b = 0;
 
-    if (a > INT_MAX - b)
-        return 0;
-    *out = a + b;
-    return 1;
+    *out = safe_add_int(a, b, &err);
+    return !err;
 }
 
 /*-
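Review bot: In add_lengths the output parameter is now written on the overflow path too, where the removed code returned 0 and left `*out` untouched. If safe_add_int behaves as I read internal/safe_math.h (it sets the error flag and returns a saturated value), a caller that ignores the return value would carry on with a clamped count instead of its previous one. The callers are outside this hunk, so I cannot confirm they all test the result; a contract comment above the function would make the requirement explicit, e.g. `/* Returns 1 with *out = a + b, or 0 on overflow, in which case *out must not be used. */`. Alternatively the old contract can be kept with `int sum = safe_add_int(a, b, &err);` followed by `if (!err) *out = sum;`.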