Check for leading zeros in CBS_get_asn1_uint64.
The encoding of an INTEGER should not have leading zeros, except to pad for the
sign bit.
Change-Id: I80d22818cf1d2ca9d27e215620392e1725372aa5
Reviewed-on: https://boringssl-review.googlesource.com/4218
Reviewed-by: Adam Langley <agl@google.com>
diff --git a/crypto/bytestring/bytestring_test.cc b/crypto/bytestring/bytestring_test.cc
index ca3d835..66e9c1e 100644
--- a/crypto/bytestring/bytestring_test.cc
+++ b/crypto/bytestring/bytestring_test.cc
@@ -596,8 +596,10 @@
{"\x02\x00", 2},
// Negative number.
{"\x02\x01\x80", 3},
- // Overflow
+ // Overflow.
{"\x02\x09\x01\x00\x00\x00\x00\x00\x00\x00\x00", 11},
+ // Leading zeros.
+ {"\x02\x02\x00\x01", 4},
};
static bool TestASN1Uint64() {
diff --git a/crypto/bytestring/cbs.c b/crypto/bytestring/cbs.c
index 36d64d8..bd94cce 100644
--- a/crypto/bytestring/cbs.c
+++ b/crypto/bytestring/cbs.c
@@ -291,7 +291,12 @@
}
if ((data[0] & 0x80) != 0) {
- /* negative number */
+ /* Negative number. */
+ return 0;
+ }
+
+ if (data[0] == 0 && len > 1 && (data[1] & 0x80) == 0) {
+ /* Extra leading zeros. */
return 0;
}