From 50066236eb3b31c93aaa935ca38f5cc1ec056696 Mon Sep 17 00:00:00 2001 From: Neil Horman Date: Tue, 16 Jul 2024 11:38:33 -0400 Subject: Fix coverity-1604661 Coverity called out an error in asn1parse_main, indicating that the for(;;) loop which repeatedly reads from a bio and updates the length value num, may overflow said value prior to exiting the loop. We could probably call this a false positive, but on very large PEM file, I suppose it could happen, so just add a check to ensure that num doesn't go from a large positive to a large negative value inside the loop Fixes openssl/private#571 Reviewed-by: Tom Cosgrove Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/24910) --- apps/asn1parse.c | 3 +++ 1 file changed, 3 insertions(+) (limited to 'apps') diff --git a/apps/asn1parse.c b/apps/asn1parse.c index bf62f85947..26b7cf2173 100644 --- a/apps/asn1parse.c +++ b/apps/asn1parse.c @@ -216,6 +216,9 @@ int asn1parse_main(int argc, char **argv) i = BIO_read(in, &(buf->data[num]), BUFSIZ); if (i <= 0) break; + /* make sure num doesn't overflow */ + if (i > LONG_MAX - num) + goto end; num += i; } } -- cgit v1.2.3