QAsn1Element: Avoid overflow in QAsn1Element::toInteger

Fixes oss-fuzz issue 29534. Change-Id: I51d0b8238c73e5860c40d3b74577ddb8926647a3 Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io> Reviewed-by: Edward Welbourne <edward.welbourne@qt.io> (cherry picked from commit 11a3eab1e168256778c45090b56e998e50c08c55) Reviewed-by: Qt Cherry-pick Bot <cherrypick_bot@qt-project.org>
author: Robert Löhning <robert.loehning@qt.io> 2021-02-01 17:57:40 +0100
committer: Qt Cherry-pick Bot <cherrypick_bot@qt-project.org> 2021-03-18 21:04:59 +0000
commit: 13c0eee15f783b695149739ad04cd9bef67fd630 (patch)
tree: 31e93dd6a83965dd03f3441b61057e31a4eb4405 /src
parent: b668373477cc9815d7277f8a5136da11735d8f46 (diff)
1 files changed, 3 insertions, 2 deletions
diff --git a/src/network/ssl/qasn1element.cpp b/src/network/ssl/qasn1element.cpp
index 13fc095e12..3df76c3774 100644
--- a/src/network/ssl/qasn1element.cpp
+++ b/src/network/ssl/qasn1element.cpp
@@ -327,8 +327,9 @@ qint64 QAsn1Element::toInteger(bool *ok) const
         return 0;
     }
 
-    // NOTE: negative numbers are not handled
-    if (mValue.at(0) & 0x80) {
+    // NOTE: - negative numbers are not handled
+    //       - greater sizes would overflow
+    if (mValue.at(0) & 0x80 || mValue.size() > 8) {
         if (ok)
             *ok = false;
         return 0;
author	Robert Löhning <robert.loehning@qt.io>	2021-02-01 17:57:40 +0100
committer	Qt Cherry-pick Bot <cherrypick_bot@qt-project.org>	2021-03-18 21:04:59 +0000
commit	13c0eee15f783b695149739ad04cd9bef67fd630 (patch)
tree	31e93dd6a83965dd03f3441b61057e31a4eb4405 /src
parent	b668373477cc9815d7277f8a5136da11735d8f46 (diff)