1 files changed, 21 insertions, 6 deletions
diff --git a/src/lib/libcrypto/x509/x509_addr.c b/src/lib/libcrypto/x509/x509_addr.c
index bb2e9e5867..64dd830514 100644
--- a/src/lib/libcrypto/x509/x509_addr.c
+++ b/src/lib/libcrypto/x509/x509_addr.c
@@ -1,4 +1,4 @@
-/*      $OpenBSD: x509_addr.c,v 1.28 2021/12/25 23:35:25 tb Exp $ */
+/*      $OpenBSD: x509_addr.c,v 1.29 2021/12/28 15:49:11 tb Exp $ */
 /*
 * Contributed to the OpenSSL Project by the American Registry for
 * Internet Numbers ("ARIN").
@@ -73,6 +73,7 @@
 #include <openssl/x509.h>
 #include <openssl/x509v3.h>
+#include "bytestring.h"
 #include "x509_lcl.h"
 #ifndef OPENSSL_NO_RFC3779
@@ -330,16 +331,30 @@ length_from_afi(const unsigned afi)
 /*
 * Extract the AFI from an IPAddressFamily.
+ *
+ * This is public API. It uses the reserved AFI 0 as an in-band error
+ * while it doesn't care about the reserved AFI 65535...
 */
 unsigned int
 X509v3_addr_get_afi(const IPAddressFamily *f)
 {
-        if (f == NULL ||
+        CBS cbs;
-            f->addressFamily == NULL ||
+        uint16_t afi;
-            f->addressFamily->data == NULL ||
-            f->addressFamily->length < 2)
+        /*
+         * XXX are these NULL checks really sensible? If f is non-NULL, it
+         * should have both addressFamily and ipAddressChoice...
+         */
+        if (f == NULL || f->addressFamily == NULL ||
+            f->addressFamily->data == NULL)
                return 0;
-        return (f->addressFamily->data[0] << 8) | f->addressFamily->data[1];
+        CBS_init(&cbs, f->addressFamily->data, f->addressFamily->length);
+        if (!CBS_get_u16(&cbs, &afi))
+                return 0;
+        return afi;
 }
 /*

diff --git a/src/lib/libcrypto/x509/x509_addr.c b/src/lib/libcrypto/x509/x509_addr.c index bb2e9e5867..64dd830514 100644 --- a/src/lib/libcrypto/x509/x509_addr.c +++ b/src/lib/libcrypto/x509/x509_addr.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: x509_addr.c,v 1.28 2021/12/25 23:35:25 tb Exp $ */	1	/* $OpenBSD: x509_addr.c,v 1.29 2021/12/28 15:49:11 tb Exp $ */
2	/*	2	/*
3	* Contributed to the OpenSSL Project by the American Registry for	3	* Contributed to the OpenSSL Project by the American Registry for
4	* Internet Numbers ("ARIN").	4	* Internet Numbers ("ARIN").
@@ -73,6 +73,7 @@
73	#include <openssl/x509.h>	73	#include <openssl/x509.h>
74	#include <openssl/x509v3.h>	74	#include <openssl/x509v3.h>
75		75
		76	#include "bytestring.h"
76	#include "x509_lcl.h"	77	#include "x509_lcl.h"
77		78
78	#ifndef OPENSSL_NO_RFC3779	79	#ifndef OPENSSL_NO_RFC3779
@@ -330,16 +331,30 @@ length_from_afi(const unsigned afi)
330		331
331	/*	332	/*
332	* Extract the AFI from an IPAddressFamily.	333	* Extract the AFI from an IPAddressFamily.
		334	*
		335	* This is public API. It uses the reserved AFI 0 as an in-band error
		336	* while it doesn't care about the reserved AFI 65535...
333	*/	337	*/
334	unsigned int	338	unsigned int
335	X509v3_addr_get_afi(const IPAddressFamily *f)	339	X509v3_addr_get_afi(const IPAddressFamily *f)
336	{	340	{
337	if (f == NULL \|\|	341	CBS cbs;
338	f->addressFamily == NULL \|\|	342	uint16_t afi;
339	f->addressFamily->data == NULL \|\|	343
340	f->addressFamily->length < 2)	344	/*
		345	* XXX are these NULL checks really sensible? If f is non-NULL, it
		346	* should have both addressFamily and ipAddressChoice...
		347	*/
		348	if (f == NULL \|\| f->addressFamily == NULL \|\|
		349	f->addressFamily->data == NULL)
341	return 0;	350	return 0;
342	return (f->addressFamily->data[0] << 8) \| f->addressFamily->data[1];	351
		352	CBS_init(&cbs, f->addressFamily->data, f->addressFamily->length);
		353
		354	if (!CBS_get_u16(&cbs, &afi))
		355	return 0;
		356
		357	return afi;
343	}	358	}
344		359
345	/*	360	/*