diff options
author | Adam Langley <agl@google.com> | 2016-02-29 08:01:05 -0800 |
---|---|---|
committer | Narayan Kamath <narayan@google.com> | 2016-05-13 13:22:10 +0100 |
commit | c79be54ba3206605350204e419e4078906456da6 (patch) | |
tree | b69b74c4fb107ea4323318f091a3f6bc94f40e96 | |
parent | 67e4b08877196aaed1026660507da51729121522 (diff) | |
download | external_boringssl-c79be54ba3206605350204e419e4078906456da6.zip external_boringssl-c79be54ba3206605350204e419e4078906456da6.tar.gz external_boringssl-c79be54ba3206605350204e419e4078906456da6.tar.bz2 |
Fix encoding bug in i2c_ASN1_INTEGER
(Imported from upstream's 3661bb4e7934668bd99ca777ea8b30eedfafa871.)
Fix bug where i2c_ASN1_INTEGER mishandles zero if it is marked as
negative.
Thanks to Huzaifa Sidhpurwala <huzaifas@redhat.com> and Hanno Böck
<hanno@hboeck.de> for reporting this issue.
BUG=590615
(cherry-picked from c4eec0c16b02c97a62a95b6a08656c3a9ddb6baa)
Bug: 28175332
Change-Id: I49f6ecdd9b3512f3d0a28e96dd8c48734dacf248
Reviewed-on: https://boringssl-review.googlesource.com/7199
Reviewed-by: David Benjamin <davidben@google.com>
-rw-r--r-- | src/crypto/asn1/a_int.c | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/src/crypto/asn1/a_int.c b/src/crypto/asn1/a_int.c index 9a56534..46855d9 100644 --- a/src/crypto/asn1/a_int.c +++ b/src/crypto/asn1/a_int.c @@ -125,6 +125,8 @@ int i2c_ASN1_INTEGER(ASN1_INTEGER *a, unsigned char **pp) { ret=a->length; i=a->data[0]; + if (ret == 1 && i == 0) + neg=0; if (!neg && (i > 127)) { pad=1; pb=0; @@ -158,7 +160,7 @@ int i2c_ASN1_INTEGER(ASN1_INTEGER *a, unsigned char **pp) p += a->length - 1; i = a->length; /* Copy zeros to destination as long as source is zero */ - while(!*n) { + while(!*n && i > 1) { *(p--) = 0; n--; i--; |