diff options
| author | tb <> | 2024-02-15 10:34:30 +0000 |
|---|---|---|
| committer | tb <> | 2024-02-15 10:34:30 +0000 |
| commit | 59e4b1d0ca73ceddc625a2b878ff4642d1df6e91 (patch) | |
| tree | 2c6d4a6e183d71895f9d86cd8c89bdec863c9bf9 /src/lib | |
| parent | 16c8a1ea3629772fdd16fd22a98ba46545e9e3a1 (diff) | |
| download | openbsd-59e4b1d0ca73ceddc625a2b878ff4642d1df6e91.tar.gz openbsd-59e4b1d0ca73ceddc625a2b878ff4642d1df6e91.tar.bz2 openbsd-59e4b1d0ca73ceddc625a2b878ff4642d1df6e91.zip | |
BIO_dump*() avoid signed integer overflow
This API returns an int encoding the number of bytes printed. Thus, a dump
of a large enough byte string can make this overflow and rely on undefined
behavior. With an indent of 64, as little as 26 MB is enough to make this
happen.
ok jsing
Diffstat (limited to 'src/lib')
| -rw-r--r-- | src/lib/libcrypto/bio/b_dump.c | 11 |
1 files changed, 10 insertions, 1 deletions
diff --git a/src/lib/libcrypto/bio/b_dump.c b/src/lib/libcrypto/bio/b_dump.c index 09b011268e..39cd94e767 100644 --- a/src/lib/libcrypto/bio/b_dump.c +++ b/src/lib/libcrypto/bio/b_dump.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: b_dump.c,v 1.28 2024/02/02 10:53:48 tb Exp $ */ | 1 | /* $OpenBSD: b_dump.c,v 1.29 2024/02/15 10:34:30 tb Exp $ */ |
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 3 | * All rights reserved. | 3 | * All rights reserved. |
| 4 | * | 4 | * |
| @@ -56,6 +56,7 @@ | |||
| 56 | * [including the GNU Public Licence.] | 56 | * [including the GNU Public Licence.] |
| 57 | */ | 57 | */ |
| 58 | 58 | ||
| 59 | #include <limits.h> | ||
| 59 | #include <stdint.h> | 60 | #include <stdint.h> |
| 60 | #include <stdio.h> | 61 | #include <stdio.h> |
| 61 | #include <string.h> | 62 | #include <string.h> |
| @@ -134,6 +135,8 @@ BIO_dump_indent(BIO *bio, const char *s, int len, int indent) | |||
| 134 | if ((written = BIO_printf(bio, "%*s%04x - ", indent, "", | 135 | if ((written = BIO_printf(bio, "%*s%04x - ", indent, "", |
| 135 | dumped)) < 0) | 136 | dumped)) < 0) |
| 136 | goto err; | 137 | goto err; |
| 138 | if (printed > INT_MAX - written) | ||
| 139 | goto err; | ||
| 137 | printed += written; | 140 | printed += written; |
| 138 | 141 | ||
| 139 | /* | 142 | /* |
| @@ -154,6 +157,8 @@ BIO_dump_indent(BIO *bio, const char *s, int len, int indent) | |||
| 154 | sep = '-'; | 157 | sep = '-'; |
| 155 | if ((written = BIO_printf(bio, "%02x%c", u8, sep)) < 0) | 158 | if ((written = BIO_printf(bio, "%02x%c", u8, sep)) < 0) |
| 156 | goto err; | 159 | goto err; |
| 160 | if (printed > INT_MAX - written) | ||
| 161 | goto err; | ||
| 157 | printed += written; | 162 | printed += written; |
| 158 | 163 | ||
| 159 | /* Locale-independent version of !isprint(u8). */ | 164 | /* Locale-independent version of !isprint(u8). */ |
| @@ -173,6 +178,8 @@ BIO_dump_indent(BIO *bio, const char *s, int len, int indent) | |||
| 173 | if ((written = BIO_printf(bio, "%*s%.*s\n", 3 * missing + 2, "", | 178 | if ((written = BIO_printf(bio, "%*s%.*s\n", 3 * missing + 2, "", |
| 174 | row_bytes, ascii_dump)) < 0) | 179 | row_bytes, ascii_dump)) < 0) |
| 175 | goto err; | 180 | goto err; |
| 181 | if (printed > INT_MAX - written) | ||
| 182 | goto err; | ||
| 176 | printed += written; | 183 | printed += written; |
| 177 | 184 | ||
| 178 | dumped += row_bytes; | 185 | dumped += row_bytes; |
| @@ -182,6 +189,8 @@ BIO_dump_indent(BIO *bio, const char *s, int len, int indent) | |||
| 182 | if ((written = BIO_printf(bio, "%*s%04x - <SPACES/NULS>\n", | 189 | if ((written = BIO_printf(bio, "%*s%04x - <SPACES/NULS>\n", |
| 183 | indent, "", dumped + trailing)) < 0) | 190 | indent, "", dumped + trailing)) < 0) |
| 184 | goto err; | 191 | goto err; |
| 192 | if (printed > INT_MAX - written) | ||
| 193 | goto err; | ||
| 185 | printed += written; | 194 | printed += written; |
| 186 | } | 195 | } |
| 187 | 196 | ||