projects / openssl.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 302eba3)
Avoid out-of-bounds read
authorRich Salz <rsalz@openssl.org>
Tue, 22 Aug 2017 15:44:41 +0000 (11:44 -0400)
committerRich Salz <rsalz@openssl.org>
Mon, 28 Aug 2017 17:26:26 +0000 (13:26 -0400)
Fixes CVE 2017-3735

Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
(Merged from https://github.com/openssl/openssl/pull/4276)

crypto/x509v3/v3_addr.c patch | blob | history

diff --git a/crypto/x509v3/v3_addr.c b/crypto/x509v3/v3_addr.c
index f4e1298ca33af50e8d6e818ea9be08fbb6eecfae..bb58e0484611a4f0f40868a01671c78a265267ad 100644 (file)
--- a/crypto/x509v3/v3_addr.c
+++ b/crypto/x509v3/v3_addr.c
@@ -84,10 +84,12 @@ static int length_from_afi(const unsigned afi)
  */
 unsigned int X509v3_addr_get_afi(const IPAddressFamily *f)
 {
-    return ((f != NULL &&
-             f->addressFamily != NULL && f->addressFamily->data != NULL)
-            ? ((f->addressFamily->data[0] << 8) | (f->addressFamily->data[1]))
-            : 0);
+    if (f == NULL
+            || f->addressFamily == NULL
+            || f->addressFamily->data == NULL
+            || f->addressFamily->length < 2)
+        return 0;
+    return (f->addressFamily->data[0] << 8) | f->addressFamily->data[1];
 }
 
 /*
Unnamed repository; edit this file 'description' to name the repository.