Check for overflows in i2d_ASN1_SET() (6592de7c) · Commits · CYBER - Cyber Security / TS 103 523 MSP / TLMSP / TLMSP OpenSSL

crypto/asn1/a_set.c

+7 −2

Original line number	Diff line number	Diff line
		@@ -57,6 +57,7 @@
		*/

		#include <stdio.h>
		#include <limits.h>
		#include "cryptlib.h"
		#include <openssl/asn1_mac.h>

		@@ -98,10 +99,14 @@ int i2d_ASN1_SET(STACK_OF(OPENSSL_BLOCK) a, unsigned char *pp,

		if (a == NULL)
		return (0);
		for (i = sk_OPENSSL_BLOCK_num(a) - 1; i >= 0; i--)
		for (i = sk_OPENSSL_BLOCK_num(a) - 1; i >= 0; i--) {
		int tmplen = i2d(sk_OPENSSL_BLOCK_value(a, i), NULL);
		if (tmplen > INT_MAX - ret)
		return -1;
		ret += i2d(sk_OPENSSL_BLOCK_value(a, i), NULL);
		}
		r = ASN1_object_size(1, ret, ex_tag);
		if (pp == NULL)
		if (pp == NULL \|\| r == -1)
		return (r);

		p = *pp;