diff options
author | rob <rob@cvs.openbsd.org> | 2021-01-22 03:20:57 +0000 |
---|---|---|
committer | rob <rob@cvs.openbsd.org> | 2021-01-22 03:20:57 +0000 |
commit | 5a7df013f43ad19c091c5d13dae429ba253b8471 (patch) | |
tree | 6d2eb56ec63ad7326c3867d07016c790b777ceb3 /lib/libutil/ber.c | |
parent | b951881fb9b86f9b4cf473adbe51228209aa0708 (diff) |
Valid integer and enumerated types always have non-zero length. Perform
check to ensure we avoid a possible (undefined) negative shift. Found
with clang static analyzer.
Tweaked and OK martijn@
Diffstat (limited to 'lib/libutil/ber.c')
-rw-r--r-- | lib/libutil/ber.c | 6 |
1 files changed, 5 insertions, 1 deletions
diff --git a/lib/libutil/ber.c b/lib/libutil/ber.c index 1698aad6147..9768ed3b82a 100644 --- a/lib/libutil/ber.c +++ b/lib/libutil/ber.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ber.c,v 1.17 2020/09/03 19:09:57 martijn Exp $ */ +/* $OpenBSD: ber.c,v 1.18 2021/01/22 03:20:56 rob Exp $ */ /* * Copyright (c) 2007, 2012 Reyk Floeter <reyk@openbsd.org> @@ -1258,6 +1258,10 @@ ober_read_element(struct ber *ber, struct ber_element *elm) } case BER_TYPE_INTEGER: case BER_TYPE_ENUMERATED: + if (len < 1) { + errno = EINVAL; + return -1; + } if (len > (ssize_t)sizeof(long long)) { errno = ERANGE; return -1; |