diff options
author | Daiki Ueno <dueno@src.gnome.org> | 2019-09-16 16:33:08 +0200 |
---|---|---|
committer | Daiki Ueno <ueno@gnu.org> | 2019-09-24 04:53:02 +0000 |
commit | 10a3663d10a9326cde76f7cfd7cb57efbd7e5e9c (patch) | |
tree | 6ec93302cc16abdcfd003e6b1c5c919e176be9cd /egg | |
parent | fb69d6ca6cb6fe290f1473c961bbf1379966d83a (diff) | |
download | gnome-keyring-10a3663d10a9326cde76f7cfd7cb57efbd7e5e9c.tar.gz |
egg-asn1x: Avoid signed integer overflow
Diffstat (limited to 'egg')
-rw-r--r-- | egg/egg-asn1x.c | 14 |
1 files changed, 5 insertions, 9 deletions
diff --git a/egg/egg-asn1x.c b/egg/egg-asn1x.c index b2bc7614..7983b52a 100644 --- a/egg/egg-asn1x.c +++ b/egg/egg-asn1x.c @@ -763,7 +763,7 @@ atlv_parse_length (const guchar *at, const guchar *end, gint *off) { - gint ans, last; + gint ans; gint k, punt; gint n_data; @@ -789,19 +789,15 @@ atlv_parse_length (const guchar *at, if (k) { ans = 0; while (punt <= k && punt < n_data) { - last = ans; - ans = ans * 256; - /* we wrapped around, no bignum support... */ - if (ans < last) + if (ans > G_MAXINT / 256) return -2; - - last = ans; - ans += at[punt++]; + ans = ans * 256; /* we wrapped around, no bignum support... */ - if (ans < last) + if (ans > G_MAXINT - at[punt]) return -2; + ans += at[punt++]; } /* indefinite length method */ |