artulab
projects / openbsd / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 4bcc70e)
Valid integer and enumerated types always have non-zero length. Perform
authorrob <rob@openbsd.org>
Fri, 22 Jan 2021 03:20:56 +0000 (03:20 +0000)
committerrob <rob@openbsd.org>
Fri, 22 Jan 2021 03:20:56 +0000 (03:20 +0000)
check to ensure we avoid a possible (undefined) negative shift. Found
with clang static analyzer.

Tweaked and OK martijn@

lib/libutil/ber.c patch | blob | history

diff --git a/lib/libutil/ber.c b/lib/libutil/ber.c
index 1698aad..9768ed3 100644 (file)
--- a/lib/libutil/ber.c
+++ b/lib/libutil/ber.c
@@ -1,4 +1,4 @@
-/*     $OpenBSD: ber.c,v 1.17 2020/09/03 19:09:57 martijn Exp $ */
+/*     $OpenBSD: ber.c,v 1.18 2021/01/22 03:20:56 rob Exp $ */
 
 /*
  * Copyright (c) 2007, 2012 Reyk Floeter <reyk@openbsd.org>
@@ -1258,6 +1258,10 @@ ober_read_element(struct ber *ber, struct ber_element *elm)
                }
        case BER_TYPE_INTEGER:
        case BER_TYPE_ENUMERATED:
+               if (len < 1) {
+                       errno = EINVAL;
+                       return -1;
+               }
                if (len > (ssize_t)sizeof(long long)) {
                        errno = ERANGE;
                        return -1;
OpenBSD src
by Ahmet Artu Yildirim