author: Neil Horman <nhorman@openssl.org> 2024-07-16 17:38:33 +0200
committer: Tomas Mraz <tomas@openssl.org> 2024-07-18 19:09:10 +0200
commit: 50066236eb3b31c93aaa935ca38f5cc1ec056696 (patch)
tree: af44e9b7e10e6fa906874be6ce869bfc56740a8c
parent: Fix coverity-1610057 (diff)
Fix coverity-1604661
Coverity called out an error in asn1parse_main, indicating that the for(;;) loop which repeatedly reads from a bio and updates the length value num may overflow said value prior to exiting the loop. We could probably call this a false positive, but on a very large PEM file, I suppose it could happen, so just add a check to ensure that num doesn't go from a large positive to a large negative value inside the loop.

Fixes openssl/private#571

Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24910)
apps/asn1parse.c | 3 +++
1 files changed, 3 insertions, 0 deletions
diff --git a/apps/asn1parse.c b/apps/asn1parse.c
index bf62f85947..26b7cf2173 100644
--- a/apps/asn1parse.c
+++ b/apps/asn1parse.c
@@ -216,6 +216,9 @@ int asn1parse_main(int argc, char **argv)
i = BIO_read(in, &(buf->data[num]), BUFSIZ);
if (i <= 0)
break;
+ /* make sure num doesn't overflow */
+ if (i > LONG_MAX - num)
+ goto end;
num += i;
}
}
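Review bot: the new `goto end` on overflow bails out of asn1parse_main without saying why, so a user hitting this on a very large input sees the tool exit non-successfully with no diagnostic; consider printing a short message on bio_err (for example "input too large") before the `goto end`, as the other error paths in the apps do. The check itself is correctly ordered: comparing `i > LONG_MAX - num` before `num += i` avoids performing the overflowing addition at all, and since `i` is bounded by BUFSIZ it only ever fires when `num` is already within one read of LONG_MAX. Please confirm that `LONG_MAX` is visible in this file via an existing `<limits.h>` include, since the hunk adds no include line for it.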