Harden the lower level parts of crypto/asn1 against overflows.
The legacy ASN.1 stack contains an unsalvageable mix of integer types.
82dfea8d9e65c4e57cc9fb2bd3f0dd49f5b31f45 bounded all inputs to the template
machinery, but sometimes code will call ASN1_get_object directly, such as the
just deleted d2i_ASN1_UINTEGER.
Thanks to mlbrown for reporting the d2i_ASN1_UINTEGER overflow.
Bug: chromium:942269
Change-Id: I2d4c8b7faf5dadd1b68dbdb51a5feae071ea2cb6
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/35325
Reviewed-by: Adam Langley <agl@google.com>
diff --git a/crypto/asn1/asn1_lib.c b/crypto/asn1/asn1_lib.c
index ea727f3..8526aba 100644
--- a/crypto/asn1/asn1_lib.c
+++ b/crypto/asn1/asn1_lib.c
@@ -205,7 +205,11 @@
} else
ret = i;
}
- if (ret > LONG_MAX)
+ /*
+ * Bound the length to comfortably fit in an int. Lengths in this module
+ * often switch between int and long without overflow checks.
+ */
+ if (ret > INT_MAX / 2)
return 0;
*pp = p;
*rl = (long)ret;