author | Robert Löhning <robert.loehning@qt.io> | 2021-02-01 17:57:40 +0100 |
---|---|---|
committer | Qt Cherry-pick Bot <cherrypick_bot@qt-project.org> | 2021-03-19 06:53:00 +0000 |
commit | c563cc2cdbf40db6787a9b17fc2187ea96d457db (patch) | |
tree | 83385491d19b718762b9d0bf231492ea1a7a10c6 /src | |
parent | 402f27b1fce1b90f3f1a8d5693c13a7c973e2c60 (diff) |
QAsn1Element: Avoid overflow in QAsn1Element::toInteger
Fixes oss-fuzz issue 29534.
Change-Id: I51d0b8238c73e5860c40d3b74577ddb8926647a3
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
(cherry picked from commit 11a3eab1e168256778c45090b56e998e50c08c55)
Reviewed-by: Qt Cherry-pick Bot <cherrypick_bot@qt-project.org>
Diffstat (limited to 'src')
-rw-r--r-- | src/network/ssl/qasn1element.cpp | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/src/network/ssl/qasn1element.cpp b/src/network/ssl/qasn1element.cpp index 5d1763d95b..a1f9fd44f8 100644 --- a/src/network/ssl/qasn1element.cpp +++ b/src/network/ssl/qasn1element.cpp @@ -318,8 +318,9 @@ qint64 QAsn1Element::toInteger(bool *ok) const return 0; } - // NOTE: negative numbers are not handled - if (mValue.at(0) & 0x80) { + // NOTE: - negative numbers are not handled + // - greater sizes would overflow + if (mValue.at(0) & 0x80 || mValue.size() > 8) { if (ok) *ok = false; return 0; |
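Review bot: In the new condition `mValue.at(0) & 0x80 || mValue.size() > 8`, the literal 8 is the byte width of the qint64 return type, so writing it as `sizeof(qint64)` would keep the bound tied to the type instead of leaving it as a magic number. Parenthesising `(mValue.at(0) & 0x80)` would also make the precedence against `||` explicit. The diffstat shows only qasn1element.cpp changing, so consider adding a regression test that passes a 9-byte INTEGER value to toInteger() and expects `*ok` to be false with a return of 0.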