diff options
| author |   rob <rob@openbsd.org> | 2021-01-22 03:20:56 +0000 |
|---|---|---|
| committer | rob <rob@openbsd.org> | 2021-01-22 03:20:56 +0000 |
| commit | 68ec4783ef349f19c081b409615ef48bf54724c0 (patch) | |
| tree | 6e1e0497c2c4ad20698a2fcae1e0e8083084ae86 | |
| parent | PubkeyAcceptedKeyTypes->PubkeyAcceptedAlgorithms here too. (diff) | |
| download | wireguard-openbsd-68ec4783ef349f19c081b409615ef48bf54724c0.tar.xz wireguard-openbsd-68ec4783ef349f19c081b409615ef48bf54724c0.zip | |
Valid integer and enumerated types always have non-zero length. Perform
check to ensure we avoid a possible (undefined) negative shift. Found
with clang static analyzer.
Tweaked and OK martijn@
| -rw-r--r-- | lib/libutil/ber.c | 6 |
1 files changed, 5 insertions, 1 deletions
diff --git a/lib/libutil/ber.c b/lib/libutil/ber.c index 1698aad6147..9768ed3b82a 100644 --- a/lib/libutil/ber.c +++ b/lib/libutil/ber.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ber.c,v 1.17 2020/09/03 19:09:57 martijn Exp $ */ +/* $OpenBSD: ber.c,v 1.18 2021/01/22 03:20:56 rob Exp $ */ /* * Copyright (c) 2007, 2012 Reyk Floeter <reyk@openbsd.org> @@ -1258,6 +1258,10 @@ ober_read_element(struct ber *ber, struct ber_element *elm) } case BER_TYPE_INTEGER: case BER_TYPE_ENUMERATED: + if (len < 1) { + errno = EINVAL; + return -1; + } if (len > (ssize_t)sizeof(long long)) { errno = ERANGE; return -1; |