Fix coverity-1604661
Coverity called out an error in asn1parse_main, indicating that the
for(;;) loop which repeatedly reads from a bio and updates the length
value num, may overflow said value prior to exiting the loop.

We could probably call this a false positive, but on a very large PEM
file, I suppose it could happen, so just add a check to ensure that num
doesn't go from a large positive to a large negative value inside the
loop.

Fixes openssl/private#571

Reviewed-by: Tom Cosgrove <[email protected]>
Reviewed-by: Tomas Mraz <[email protected]>
(Merged from openssl#24910)
nhorman authored and t8m committed Jul 18, 2024
1 parent 0b67643 commit 5006623
Showing 1 changed file with 3 additions and 0 deletions.
3 changes: 3 additions & 0 deletions apps/asn1parse.c
Expand Up @@ -216,6 +216,9 @@ int asn1parse_main(int argc, char **argv)
i = BIO_read(in, &(buf->data[num]), BUFSIZ);
if (i <= 0)
break;
/* make sure num doesn't overflow */
if (i > LONG_MAX - num)
goto end;
num += i;
}
}
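Review bot: the new overflow branch at `if (i > LONG_MAX - num)` leaves through `goto end;` with no message in the visible lines, so a user who hits it gets a failure with no stated cause; consider printing a diagnostic to the error BIO before the jump. The guard also runs after `BIO_read` has already written up to `BUFSIZ` bytes at `buf->data[num]`, so it protects only the `num += i` addition, not the write itself. Since the commit shows 3 added lines and no new include, it is worth confirming that `<limits.h>` is already reachable from apps/asn1parse.c and that `num` is declared `long`, so that `LONG_MAX` is the right bound for it.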