From: rob <rob@openbsd.org>
Date: Fri, 22 Jan 2021 03:20:56 +0000 (+0000)
Subject: Valid integer and enumerated types always have non-zero length. Perform
X-Git-Url: http://artulab.com/gitweb/?a=commitdiff_plain;h=68ec4783ef349f19c081b409615ef48bf54724c0;p=openbsd

Valid integer and enumerated types always have non-zero length. Perform
check to ensure we avoid a possible (undefined) negative shift. Found
with clang static analyzer.

Tweaked and OK martijn@
---

diff --git a/lib/libutil/ber.c b/lib/libutil/ber.c
index 1698aad6147..9768ed3b82a 100644
--- a/lib/libutil/ber.c
+++ b/lib/libutil/ber.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: ber.c,v 1.17 2020/09/03 19:09:57 martijn Exp $ */
+/*	$OpenBSD: ber.c,v 1.18 2021/01/22 03:20:56 rob Exp $ */
 
 /*
  * Copyright (c) 2007, 2012 Reyk Floeter <reyk@openbsd.org>
@@ -1258,6 +1258,10 @@ ober_read_element(struct ber *ber, struct ber_element *elm)
 		}
 	case BER_TYPE_INTEGER:
 	case BER_TYPE_ENUMERATED:
+		if (len < 1) {
+			errno = EINVAL;
+			return -1;
+		}
 		if (len > (ssize_t)sizeof(long long)) {
 			errno = ERANGE;
 			return -1;