diff options
author | AnotherTest <ali.mpfard@gmail.com> | 2021-03-08 10:50:40 +0330 |
---|---|---|
committer | Andreas Kling <kling@serenityos.org> | 2021-03-08 08:32:07 +0100 |
commit | 8cc279ed74dc0b16a187052d2454c26c8c6ecaf2 (patch) | |
tree | 593c8050e4630d6d71bd1f49c2ff3f3605ef23cf /Userland/Libraries/LibCrypto | |
parent | f9f9cda025e6116ee4f1cd37ad1d1452bff2c798 (diff) | |
download | serenity-8cc279ed74dc0b16a187052d2454c26c8c6ecaf2.zip |
LibCrypto: Fail with overflow when bitfield has too many unused bits
There cannot be more unused bits than the entirety of the input.
Found by OSS-Fuzz: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=31706#c1
Diffstat (limited to 'Userland/Libraries/LibCrypto')
-rw-r--r-- | Userland/Libraries/LibCrypto/ASN1/DER.cpp | 7 |
1 files changed, 6 insertions, 1 deletions
diff --git a/Userland/Libraries/LibCrypto/ASN1/DER.cpp b/Userland/Libraries/LibCrypto/ASN1/DER.cpp index 1fcbbc113b..d09c7ee87e 100644 --- a/Userland/Libraries/LibCrypto/ASN1/DER.cpp +++ b/Userland/Libraries/LibCrypto/ASN1/DER.cpp @@ -196,7 +196,12 @@ Result<const BitmapView, DecodeError> Decoder::decode_bit_string(ReadonlyBytes d return DecodeError::InvalidInputFormat; auto unused_bits = data[0]; - return BitmapView { const_cast<u8*>(data.offset_pointer(1)), data.size() * 8 - unused_bits }; + auto total_size_in_bits = data.size() * 8; + + if (unused_bits > total_size_in_bits) + return DecodeError::Overflow; + + return BitmapView { const_cast<u8*>(data.offset_pointer(1)), total_size_in_bits - unused_bits }; } Result<Tag, DecodeError> Decoder::peek() |