summaryrefslogtreecommitdiff
path: root/lib/libutil/ber.c
diff options
context:
space:
mode:
authorrob <rob@cvs.openbsd.org>2021-01-22 03:20:57 +0000
committerrob <rob@cvs.openbsd.org>2021-01-22 03:20:57 +0000
commit5a7df013f43ad19c091c5d13dae429ba253b8471 (patch)
tree6d2eb56ec63ad7326c3867d07016c790b777ceb3 /lib/libutil/ber.c
parentb951881fb9b86f9b4cf473adbe51228209aa0708 (diff)
Valid integer and enumerated types always have non-zero length. Perform
check to ensure we avoid a possible (undefined) negative shift. Found with clang static analyzer. Tweaked and OK martijn@
Diffstat (limited to 'lib/libutil/ber.c')
-rw-r--r--lib/libutil/ber.c6
1 files changed, 5 insertions, 1 deletions
diff --git a/lib/libutil/ber.c b/lib/libutil/ber.c
index 1698aad6147..9768ed3b82a 100644
--- a/lib/libutil/ber.c
+++ b/lib/libutil/ber.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ber.c,v 1.17 2020/09/03 19:09:57 martijn Exp $ */
+/* $OpenBSD: ber.c,v 1.18 2021/01/22 03:20:56 rob Exp $ */
/*
* Copyright (c) 2007, 2012 Reyk Floeter <reyk@openbsd.org>
@@ -1258,6 +1258,10 @@ ober_read_element(struct ber *ber, struct ber_element *elm)
}
case BER_TYPE_INTEGER:
case BER_TYPE_ENUMERATED:
+ if (len < 1) {
+ errno = EINVAL;
+ return -1;
+ }
if (len > (ssize_t)sizeof(long long)) {
errno = ERANGE;
return -1;