blob: b0f8189d95d1ba93e81d3cd0357048f46d8351b5 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
|
From 31c8b265591a0aaa462a1f3eb5770661aaac67db Mon Sep 17 00:00:00 2001
From: Rich Salz <rsalz@openssl.org>
Date: Tue, 22 Aug 2017 11:44:41 -0400
Subject: [PATCH] Avoid out-of-bounds read
Fixes CVE-2017-3735
CVE: CVE-2017-3735
Upstream-Status: Backport
Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
(Merged from https://github.com/openssl/openssl/pull/4276)
(cherry picked from commit b23171744b01e473ebbfd6edad70c1c3825ffbcd)
Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
---
crypto/x509v3/v3_addr.c | 10 ++++++----
1 file changed, 6 insertions(+), 4 deletions(-)
diff --git a/crypto/x509v3/v3_addr.c b/crypto/x509v3/v3_addr.c
index 1290dec..af080a0 100644
--- a/crypto/x509v3/v3_addr.c
+++ b/crypto/x509v3/v3_addr.c
@@ -130,10 +130,12 @@ static int length_from_afi(const unsigned afi)
*/
unsigned int v3_addr_get_afi(const IPAddressFamily *f)
{
- return ((f != NULL &&
- f->addressFamily != NULL && f->addressFamily->data != NULL)
- ? ((f->addressFamily->data[0] << 8) | (f->addressFamily->data[1]))
- : 0);
+ if (f == NULL
+ || f->addressFamily == NULL
+ || f->addressFamily->data == NULL
+ || f->addressFamily->length < 2)
+ return 0;
+ return (f->addressFamily->data[0] << 8) | f->addressFamily->data[1];
}
/*
--
1.9.1
|
