QAsn1Element: Avoid overflow in QAsn1Element::toInteger

Fixes oss-fuzz issue 29534. Change-Id: I51d0b8238c73e5860c40d3b74577ddb8926647a3 Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io> Reviewed-by: Edward Welbourne <edward.welbourne@qt.io> (cherry picked from commit 11a3eab1e168256778c45090b56e998e50c08c55) Reviewed-by: Qt Cherry-pick Bot <cherrypick_bot@qt-project.org>
author: Robert Löhning <robert.loehning@qt.io> 2021-02-01 17:57:40 +0100
committer: Qt Cherry-pick Bot <cherrypick_bot@qt-project.org> 2021-03-19 06:53:00 +0000
commit: c563cc2cdbf40db6787a9b17fc2187ea96d457db (patch)
tree: 83385491d19b718762b9d0bf231492ea1a7a10c6 /src
parent: 402f27b1fce1b90f3f1a8d5693c13a7c973e2c60 (diff)
1 files changed, 3 insertions, 2 deletions
diff --git a/src/network/ssl/qasn1element.cpp b/src/network/ssl/qasn1element.cpp
index 5d1763d95b..a1f9fd44f8 100644
--- a/src/network/ssl/qasn1element.cpp
+++ b/src/network/ssl/qasn1element.cpp
@@ -318,8 +318,9 @@ qint64 QAsn1Element::toInteger(bool *ok) const
         return 0;
     }
 
-    // NOTE: negative numbers are not handled
-    if (mValue.at(0) & 0x80) {
+    // NOTE: - negative numbers are not handled
+    //       - greater sizes would overflow
+    if (mValue.at(0) & 0x80 || mValue.size() > 8) {
         if (ok)
             *ok = false;
         return 0;
author	Robert Löhning <robert.loehning@qt.io>	2021-02-01 17:57:40 +0100
committer	Qt Cherry-pick Bot <cherrypick_bot@qt-project.org>	2021-03-19 06:53:00 +0000
commit	c563cc2cdbf40db6787a9b17fc2187ea96d457db (patch)
tree	83385491d19b718762b9d0bf231492ea1a7a10c6 /src
parent	402f27b1fce1b90f3f1a8d5693c13a7c973e2c60 (diff)