root
/
openssl
mirror of https://github.com/openssl/openssl.git
1
0
Fork 0
Code Issues Actions 7 Packages Projects Releases Wiki Activity

Avoid overflow issues in X509_cmp. 

The length is a long, so returning the difference does not quite work.

Thanks to Torbjörn Granlund for noticing.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
This commit is contained in:
David Benjamin 2016-04-27 20:02:35 -04:00 committed by Richard Levitte
parent a1f41284d7
commit 87a8405b66
1 changed files with 4 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
crypto/x509/x509_cmp.c
View File

@ -187,9 +187,10 @@ int X509_cmp(const X509 *a, const X509 *b)
return rv; return rv;
/* Check for match against stored encoding too */ /* Check for match against stored encoding too */
if (!a->cert_info.enc.modified && !b->cert_info.enc.modified) { if (!a->cert_info.enc.modified && !b->cert_info.enc.modified) {
rv = (int)(a->cert_info.enc.len - b->cert_info.enc.len); if (a->cert_info.enc.len < b->cert_info.enc.len)
if (rv) return -1;
return rv; if (a->cert_info.enc.len > b->cert_info.enc.len)
return 1;
return memcmp(a->cert_info.enc.enc, b->cert_info.enc.enc, return memcmp(a->cert_info.enc.enc, b->cert_info.enc.enc,
a->cert_info.enc.len); a->cert_info.enc.len);
} }