oysteikt/heimdal
0
0
Fork 0
Code Issues 5 Pull Requests Releases Activity

heimdal: Avoid overflow when performing bitwise shift operations

Browse Source 
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
This commit is contained in:
Joseph Sutton
2021-07-14 16:04:48 +12:00
committed by Jeffrey Altman
parent bc37bf1afd
commit 1c93a6ff26
5 changed files with 36 additions and 21 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
lib/asn1/template.c
View File

@@ -115,9 +115,9 @@ _asn1_bmember_get_bit(const unsigned char *p, void *data,
unsigned int localbit = bit % 8;
if ((*p >> (7 - localbit)) & 1) {
#ifdef WORDS_BIGENDIAN
*(unsigned int *)data |= (1 << ((size * 8) - bit - 1));
*(unsigned int *)data |= (1u << ((size * 8) - bit - 1));
#else
*(unsigned int *)data |= (1 << bit);
*(unsigned int *)data |= (1u << bit);
#endif
}
}
@@ -126,11 +126,11 @@ int
_asn1_bmember_isset_bit(const void *data, unsigned int bit, size_t size)
{
#ifdef WORDS_BIGENDIAN
if ((*(unsigned int *)data) & (1 << ((size * 8) - bit - 1)))
if ((*(unsigned int *)data) & (1u << ((size * 8) - bit - 1)))
return 1;
return 0;
#else
if ((*(unsigned int *)data) & (1 << bit))
if ((*(unsigned int *)data) & (1u << bit))
return 1;
return 0;
#endif
@@ -143,7 +143,7 @@ _asn1_bmember_put_bit(unsigned char *p, const void *data, unsigned int bit,
unsigned int localbit = bit % 8;
if (_asn1_bmember_isset_bit(data, bit, size)) {
*p |= (1 << (7 - localbit));
*p |= (1u << (7 - localbit));
if (*bitset == 0)
*bitset = (7 - localbit) + 1;
}

10
lib/gssapi/krb5/8003.c
View File

@@ -57,7 +57,10 @@ krb5_error_code
_gsskrb5_decode_om_uint32(const void *ptr, OM_uint32 *n)
{
const u_char *p = ptr;
*n = (p[0] << 0) | (p[1] << 8) | (p[2] << 16) | (p[3] << 24);
*n = ((uint32_t)p[0])
| ((uint32_t)p[1] << 8)
| ((uint32_t)p[2] << 16)
| ((uint32_t)p[3] << 24);
return 0;
}
@@ -65,7 +68,10 @@ krb5_error_code
_gsskrb5_decode_be_om_uint32(const void *ptr, OM_uint32 *n)
{
const u_char *p = ptr;
*n = (p[0] <<24) | (p[1] << 16) | (p[2] << 8) | (p[3] << 0);
*n = ((uint32_t)p[0] <<24)
| ((uint32_t)p[1] << 16)
| ((uint32_t)p[2] << 8)
| ((uint32_t)p[3]);
return 0;
}

5
lib/gssapi/krb5/init_sec_context.c
View File

@@ -608,7 +608,10 @@ init_auth_restart
if (ret == 0) {
if (timedata.length == 4) {
const u_char *p = timedata.data;
offset = (p[0] <<24) | (p[1] << 16) | (p[2] << 8) | (p[3] << 0);
offset = ((uint32_t)p[0] << 24)
| ((uint32_t)p[1] << 16)
| ((uint32_t)p[2] << 8)
| ((uint32_t)p[3] << 0);
}
krb5_data_free(&timedata);
}

26
lib/hcrypto/des.c
View File

@@ -225,8 +225,14 @@ DES_set_key_unchecked(DES_cblock *key, DES_key_schedule *ks)
uint32_t *k = &ks->ks[0];
int i;
t1 = (*key)[0] << 24 | (*key)[1] << 16 | (*key)[2] << 8 | (*key)[3];
t2 = (*key)[4] << 24 | (*key)[5] << 16 | (*key)[6] << 8 | (*key)[7];
t1 = (uint32_t)((*key)[0]) << 24
| (uint32_t)((*key)[1]) << 16
| (uint32_t)((*key)[2]) << 8
| (*key)[3];
t2 = (uint32_t)((*key)[4]) << 24
| (uint32_t)((*key)[5]) << 16
| (uint32_t)((*key)[6]) << 8
| (*key)[7];
c = (pc1_c_3[(t1 >> (5 )) & 0x7] << 3)
| (pc1_c_3[(t1 >> (5 + 8 )) & 0x7] << 2)
@@ -325,14 +331,14 @@ DES_key_sched(DES_cblock *key, DES_key_schedule *ks)
static void
load(const unsigned char *b, uint32_t v[2])
{
v[0] = b[0] << 24;
v[0] |= b[1] << 16;
v[0] |= b[2] << 8;
v[0] |= b[3] << 0;
v[1] = b[4] << 24;
v[1] |= b[5] << 16;
v[1] |= b[6] << 8;
v[1] |= b[7] << 0;
v[0] = (uint32_t)(b[0]) << 24;
v[0] |= (uint32_t)(b[1]) << 16;
v[0] |= (uint32_t)(b[2]) << 8;
v[0] |= b[3];
v[1] = (uint32_t)(b[4]) << 24;
v[1] |= (uint32_t)(b[5]) << 16;
v[1] |= (uint32_t)(b[6]) << 8;
v[1] |= b[7];
}
static void

6
lib/krb5/crypto.h
View File

@@ -132,9 +132,9 @@ struct _krb5_encryption_type {
krb5_crypto, const krb5_data *, krb5_data *);
};
#define ENCRYPTION_USAGE(U) (((U) << 8) | 0xAA)
#define INTEGRITY_USAGE(U) (((U) << 8) | 0x55)
#define CHECKSUM_USAGE(U) (((U) << 8) | 0x99)
#define ENCRYPTION_USAGE(U) (((uint32_t)(U) << 8) | 0xAA)
#define INTEGRITY_USAGE(U) (((uint32_t)(U) << 8) | 0x55)
#define CHECKSUM_USAGE(U) (((uint32_t)(U) << 8) | 0x99)
/* Checksums */