diff options
author | Robert Löhning <robert.loehning@qt.io> | 2021-02-01 17:57:40 +0100 |
---|---|---|
committer | Qt Cherry-pick Bot <cherrypick_bot@qt-project.org> | 2021-03-18 21:04:58 +0000 |
commit | 6deafd6004c4473ca64a98dffbd95711964535c5 (patch) | |
tree | 8f40556c947d23a1dd365bcfd5bb4e8e48f8738b /src/network | |
parent | 47a7a595c32a477c9b8de7bd92d44378ed32bed0 (diff) |
QAsn1Element: Avoid overflow in QAsn1Element::toInteger
Fixes oss-fuzz issue 29534.
Change-Id: I51d0b8238c73e5860c40d3b74577ddb8926647a3
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
(cherry picked from commit 11a3eab1e168256778c45090b56e998e50c08c55)
Reviewed-by: Qt Cherry-pick Bot <cherrypick_bot@qt-project.org>
Diffstat (limited to 'src/network')
-rw-r--r-- | src/network/ssl/qasn1element.cpp | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/src/network/ssl/qasn1element.cpp b/src/network/ssl/qasn1element.cpp index 13fc095e12..3df76c3774 100644 --- a/src/network/ssl/qasn1element.cpp +++ b/src/network/ssl/qasn1element.cpp @@ -327,8 +327,9 @@ qint64 QAsn1Element::toInteger(bool *ok) const return 0; } - // NOTE: negative numbers are not handled - if (mValue.at(0) & 0x80) { + // NOTE: - negative numbers are not handled + // - greater sizes would overflow + if (mValue.at(0) & 0x80 || mValue.size() > 8) { if (ok) *ok = false; return 0; |