[PATCH] libressl: Fix integer overflow
If the value of a->length or ca->type is large, it could overflow,
which would cause undefined behavior.
Signed-off-by: Kenjiro Nakayama <nakayamakenjiro@gmail.com>
---
src/lib/libcrypto/objects/obj_dat.c | 4 ++--
src/regress/lib/libcrypto/asn1/asn1object.c | 2 +-
2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/src/lib/libcrypto/objects/obj_dat.c b/src/lib/libcrypto/objects/obj_dat.c
index 53ae83784..7c8ddeef0 100644
--- a/src/lib/libcrypto/objects/obj_dat.c
+++ b/src/lib/libcrypto/objects/obj_dat.c
@@ -100,7 +100,7 @@ added_obj_hash(const ADDED_OBJ *ca)
a = ca->obj;
switch (ca->type) {
case ADDED_DATA:
- ret = a->length << 20L;
+ ret = (unsigned long)a->length << 20L;
p = (unsigned char *)a->data;
for (i = 0; i < a->length; i++)
ret ^= p[i] << ((i * 3) % 24);
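Review bot: The loop on the context line `ret ^= p[i] << ((i * 3) % 24);` still computes `i * 3` in what looks like a signed int (the declaration of `i` is outside the hunk), so a very large a->length can overflow there just as the shift fixed above could. Since the commit's stated goal is removing overflow for large a->length, the shift count should be bounded before multiplying: `ret ^= p[i] << ((i % 8) * 3);` gives the same count for every non-negative `i` and so leaves existing hash values unchanged. added_obj_hash starts before this hunk and continues past it.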
@@ -118,7 +118,7 @@ added_obj_hash(const ADDED_OBJ *ca)
return 0;
}
ret &= 0x3fffffffL;
- ret |= ca->type << 30L;
+ ret |= (unsigned long)ca->type << 30L;
return (ret);
}
static IMPLEMENT_LHASH_HASH_FN(added_obj, ADDED_OBJ)
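Review bot: The new cast in `ret |= (unsigned long)ca->type << 30L;` has no comment saying why it is there, which makes it easy for a later cleanup to drop it as redundant. I would add a line above it such as `/* Shift as unsigned long: type << 30 overflows int once type >= 2. */`. The same comment applies to the `a->length << 20L` cast in the first hunk. The start of added_obj_hash is outside this hunk.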
diff --git a/src/regress/lib/libcrypto/asn1/asn1object.c b/src/regress/lib/libcrypto/asn1/asn1object.c
index 242881af0..085522939 100644
--- a/src/regress/lib/libcrypto/asn1/asn1object.c
+++ b/src/regress/lib/libcrypto/asn1/asn1object.c
@@ -531,7 +531,7 @@ asn1_object_i2d_errors(void)
if ((ret = i2d_ASN1_OBJECT(aobj, NULL)) > 0) {
fprintf(stderr, "FAIL: i2d_ASN1_OBJECT() succeeded on undefined "
- "object\n");
+ "object returned %d, want <= 0\n", ret);
goto failed;
}
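Review bot: The new failure message reads "succeeded on undefined object returned %d, want <= 0", which runs two statements together and is hard to parse in a test log. Something like `"FAIL: i2d_ASN1_OBJECT() on undefined object returned %d, want <= 0\n", ret);` says the same thing in one clause. This hunk is also unrelated to the integer-overflow fix named in the subject, so it would be easier to review and bisect as a separate commit. asn1_object_i2d_errors begins and ends outside the hunk.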
--
2.39.5 (Apple Git-154)