Commit 8ac6a531 authored by Matt Caswell's avatar Matt Caswell Committed by Richard Levitte
Browse files

Fix a possible integer overflow in long_c2i 



Credit to OSS-Fuzz for finding this.

Reviewed-by: default avatarMatt Caswell <matt@openssl.org>
Reviewed-by: default avatarRichard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3088)
parent 37332ecc

crypto/asn1/x_long.c

+4 −0
Original line number Diff line number Diff line
@@ -149,6 +149,10 @@ static int long_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len, 
            utmp |= cont[i];

    }

    ltmp = (long)utmp;

    if (ltmp < 0) {

        ASN1err(ASN1_F_LONG_C2I, ASN1_R_INTEGER_TOO_LARGE_FOR_LONG);

        return 0;

    }

    if (neg) {

        ltmp = -ltmp;

        ltmp--;