Commit 79b3452f authored by Richard Levitte's avatar Richard Levitte
Browse files

Fix faulty check of padding in x_long.c 



Bug uncovered by test

[extended tests]

Reviewed-by: default avatarMatt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3088)
parent 8ac6a531

crypto/asn1/x_long.c

+5 −2
Original line number Diff line number Diff line
@@ -110,7 +110,7 @@ static int long_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len, 
    unsigned long utmp = 0;

    char *cp = (char *)pval;



    if (len) {

    if (len > 1) {

        /*

         * Check possible pad byte.  Worst case, we're skipping past actual

         * content, but since that's only with 0x00 and 0xff and we set neg
@@ -120,7 +120,7 @@ static int long_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len, 
        case 0xff:

            cont++;

            len--;

            neg = 1;

            neg = 0x80;

            break;

        case 0:

            cont++;
@@ -139,6 +139,9 @@ static int long_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len, 
            neg = 1;

        else

            neg = 0;

    } else if (neg == (cont[0] & 0x80)) {

        ASN1err(ASN1_F_LONG_C2I, ASN1_R_ILLEGAL_PADDING);

        return 0;

    }

    utmp = 0;

    for (i = 0; i < len; i++) {