ossl_i2c_ASN1_BIT_STRING(): Fix a possible heap buffer overflow

When data contains only zero values a buffer overflow happens. CLA: trivial Signed-off-by: Andrey Tsygunka <aitsygunka@yandex.ru> Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from openssl#26190)
All-Blockchains · Dec 20, 2024 · bf2dea0 · bf2dea0
1 parent 53b3456
commit bf2dea0
Showing 1 changed file with 23 additions and 18 deletions.
diff --git a/crypto/asn1/a_bitstr.c b/crypto/asn1/a_bitstr.c
@@ -36,25 +36,30 @@ int ossl_i2c_ASN1_BIT_STRING(ASN1_BIT_STRING *a, unsigned char **pp)
                 if (a->data[len - 1])
                     break;
             }
-            j = a->data[len - 1];
-            if (j & 0x01)
+
+            if (len == 0) {
                 bits = 0;
-            else if (j & 0x02)
-                bits = 1;
-            else if (j & 0x04)
-                bits = 2;
-            else if (j & 0x08)
-                bits = 3;
-            else if (j & 0x10)
-                bits = 4;
-            else if (j & 0x20)
-                bits = 5;
-            else if (j & 0x40)
-                bits = 6;
-            else if (j & 0x80)
-                bits = 7;
-            else
-                bits = 0;       /* should not happen */
+            } else {
+                j = a->data[len - 1];
+                if (j & 0x01)
+                    bits = 0;
+                else if (j & 0x02)
+                    bits = 1;
+                else if (j & 0x04)
+                    bits = 2;
+                else if (j & 0x08)
+                    bits = 3;
+                else if (j & 0x10)
+                    bits = 4;
+                else if (j & 0x20)
+                    bits = 5;
+                else if (j & 0x40)
+                    bits = 6;
+                else if (j & 0x80)
+                    bits = 7;
+                else
+                    bits = 0;       /* should not happen */
+            }
         }
     } else
         bits = 0;