author | Robert Löhning <robert.loehning@qt.io> | 2021-02-01 17:57:40 +0100 |
---|---|---|
committer | Qt Cherry-pick Bot <cherrypick_bot@qt-project.org> | 2021-03-18 21:04:59 +0000 |
commit | 13c0eee15f783b695149739ad04cd9bef67fd630 (patch) | |
tree | 31e93dd6a83965dd03f3441b61057e31a4eb4405 /src | |
parent | b668373477cc9815d7277f8a5136da11735d8f46 (diff) |
QAsn1Element: Avoid overflow in QAsn1Element::toInteger
Fixes oss-fuzz issue 29534.
Change-Id: I51d0b8238c73e5860c40d3b74577ddb8926647a3
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
(cherry picked from commit 11a3eab1e168256778c45090b56e998e50c08c55)
Reviewed-by: Qt Cherry-pick Bot <cherrypick_bot@qt-project.org>
Diffstat (limited to 'src')
-rw-r--r-- | src/network/ssl/qasn1element.cpp | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/src/network/ssl/qasn1element.cpp b/src/network/ssl/qasn1element.cpp
index 13fc095e12..3df76c3774 100644
--- a/src/network/ssl/qasn1element.cpp
+++ b/src/network/ssl/qasn1element.cpp
@@ -327,8 +327,9 @@ qint64 QAsn1Element::toInteger(bool *ok) const
 return 0;
 }
- // NOTE: negative numbers are not handled
- if (mValue.at(0) & 0x80) {
+ // NOTE: - negative numbers are not handled
+ // - greater sizes would overflow
+ if (mValue.at(0) & 0x80 || mValue.size() > 8) {
 if (ok)
 *ok = false;
 return 0; |
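Review bot: The bound `8` in `mValue.size() > 8` is the byte width of the `qint64` return type but is written as a bare literal, so the guard and the type can drift apart; `mValue.size() > int(sizeof(qint64))` states the intent. The comment could also say that over-long encodings are rejected with `*ok = false` rather than truncated, and that the returned 0 is indistinguishable from a genuine zero when the caller passes a null `ok`. That matters if the result feeds certificate-parsing decisions; presumably callers check `ok`, but none are visible here. The function body continues past the hunk, so the accumulation this guard protects is not shown.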