asn1: check overflow against SIZE_MAX not +1

A comparison of (len > len + 1) is permitted to be optimized out
as dead code because it can't be true.  Overflowing is an exceptional
condition that results in undefined behavior.  The correct conditional
is (len == SIZE_MAX) when len is size_t.

Change-Id: Ia5586556a973d9fa5228430c4304ea9792c996bb
Jeffrey Altman
2014-06-20 20:15:13 -04:00
parent 5fd158db47
commit a5da5bcb96


@@ -188,7 +188,7 @@ der_get_general_string (const unsigned char *p, size_t len,
return ASN1_BAD_CHARACTER; return ASN1_BAD_CHARACTER;
} }
} }
if (len > len + 1) { if (len == SIZE_MAX) {
*str = NULL; *str = NULL;
return ASN1_BAD_LENGTH; return ASN1_BAD_LENGTH;
} }
@@ -217,7 +217,7 @@ int
der_get_printable_string(const unsigned char *p, size_t len, der_get_printable_string(const unsigned char *p, size_t len,
heim_printable_string *str, size_t *size) heim_printable_string *str, size_t *size)
{ {
if (len > len + 1) { if (len == SIZE_MAX) {
gen_data_zero(str); gen_data_zero(str);
return ASN1_BAD_LENGTH; return ASN1_BAD_LENGTH;
} }
@@ -493,7 +493,7 @@ der_get_time (const unsigned char *p, size_t len,
char *times; char *times;
int e; int e;
if (len > len + 1 || len == 0) if (len == SIZE_MAX || len == 0)
return ASN1_BAD_LENGTH; return ASN1_BAD_LENGTH;
times = malloc(len + 1); times = malloc(len + 1);
@@ -531,7 +531,7 @@ der_get_oid (const unsigned char *p, size_t len,
if (len < 1) if (len < 1)
return ASN1_OVERRUN; return ASN1_OVERRUN;
if (len > len + 1) if (len == SIZE_MAX)
return ASN1_BAD_LENGTH; return ASN1_BAD_LENGTH;
if (len + 1 > UINT_MAX/sizeof(data->components[0])) if (len + 1 > UINT_MAX/sizeof(data->components[0]))