Add negative integer check when using ASN1_BIT_STRING

The negative integer check is done to prevent potential overflow. Fixes #20719. CLA: trivial Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20862)
author: mlitre <martinlitre@mac.com> 2023-05-01 11:07:21 +0200
committer: Pauli <pauli@openssl.org> 2023-05-04 09:08:23 +1000
commit: 1258a8e4361320cd3cfaf9ede692492ce01034c8 (patch)
tree: be7ab4d4c87e49b2d4aec84f3dc122de2ac7f495
parent: a75f707fcaaed5c9b26e0ddfc0e0529957a11a1d (diff)
download: openssl-new-1258a8e4361320cd3cfaf9ede692492ce01034c8.tar.gz
1 files changed, 6 insertions, 0 deletions
diff --git a/crypto/asn1/a_bitstr.c b/crypto/asn1/a_bitstr.c
index 00a388a3a5..bd5fcaaa34 100644
--- a/crypto/asn1/a_bitstr.c
+++ b/crypto/asn1/a_bitstr.c
@@ -145,6 +145,9 @@ int ASN1_BIT_STRING_set_bit(ASN1_BIT_STRING *a, int n, int value)
     int w, v, iv;
     unsigned char *c;
 
+    if (n < 0)
+        return 0;
+
     w = n / 8;
     v = 1 << (7 - (n & 0x07));
     iv = ~v;
@@ -177,6 +180,9 @@ int ASN1_BIT_STRING_get_bit(const ASN1_BIT_STRING *a, int n)
 {
     int w, v;
 
+    if (n < 0)
+        return 0;
+
     w = n / 8;
     v = 1 << (7 - (n & 0x07));
     if ((a == NULL) || (a->length < (w + 1)) || (a->data == NULL))
author	mlitre <martinlitre@mac.com>	2023-05-01 11:07:21 +0200
committer	Pauli <pauli@openssl.org>	2023-05-04 09:08:23 +1000
commit	1258a8e4361320cd3cfaf9ede692492ce01034c8 (patch)
tree	be7ab4d4c87e49b2d4aec84f3dc122de2ac7f495
parent	a75f707fcaaed5c9b26e0ddfc0e0529957a11a1d (diff)
download	openssl-new-1258a8e4361320cd3cfaf9ede692492ce01034c8.tar.gz