From: Thomas Pornin <pornin@bolet.org>
Date: Mon, 9 Jan 2017 15:48:52 +0000 (+0100)
Subject: Fixed wrong check on length overflow (unsigned/signed issue).
X-Git-Tag: v0.4~25
X-Git-Url: https://www.bearssl.org/gitweb//home/git/?p=BearSSL;a=commitdiff_plain;h=52b3f2820f9b59f9eb87de87de1d9577d47b47ad

Fixed wrong check on length overflow (unsigned/signed issue).
---

diff --git a/src/x509/asn1.t0 b/src/x509/asn1.t0
index 1b3313a..d6bb2e4 100644
--- a/src/x509/asn1.t0
+++ b/src/x509/asn1.t0
@@ -284,7 +284,7 @@ cc: get32 ( addr -- val ) {
 	\ single integer.
 	{ n } 0
 	begin n 0 > while n 1- >n
-		dup 0xFFFFFF > if ERR_X509_INNER_TRUNC fail then
+		dup 0x7FFFFF > if ERR_X509_INNER_TRUNC fail then
 		8 << swap read8 rot +
 	repeat ;
 
diff --git a/src/x509/skey_decoder.c b/src/x509/skey_decoder.c
index 9640e85..be681dd 100644
--- a/src/x509/skey_decoder.c
+++ b/src/x509/skey_decoder.c
@@ -177,7 +177,7 @@ static const uint8_t t0_codeblock[] = {
 	0x14, 0x35, 0x1C, 0x08, 0x20, 0x1C, 0x07, 0x20, 0x4E, 0x00, 0x01, 0x59,
 	0x14, 0x01, 0x81, 0x00, 0x0A, 0x06, 0x01, 0x00, 0x01, 0x81, 0x00, 0x08,
 	0x14, 0x05, 0x02, 0x28, 0x16, 0x03, 0x00, 0x01, 0x00, 0x02, 0x00, 0x01,
-	0x00, 0x0E, 0x06, 0x19, 0x02, 0x00, 0x23, 0x03, 0x00, 0x14, 0x01, 0x87,
+	0x00, 0x0E, 0x06, 0x19, 0x02, 0x00, 0x23, 0x03, 0x00, 0x14, 0x01, 0x83,
 	0xFF, 0xFF, 0x7F, 0x0E, 0x06, 0x02, 0x29, 0x16, 0x01, 0x08, 0x0B, 0x20,
 	0x59, 0x1C, 0x07, 0x04, 0x60, 0x00, 0x00, 0x52, 0x4A, 0x00, 0x00, 0x57,
 	0x3C, 0x53, 0x00, 0x01, 0x53, 0x14, 0x05, 0x02, 0x2E, 0x16, 0x59, 0x14,
diff --git a/src/x509/x509_decoder.c b/src/x509/x509_decoder.c
index 6d64a8d..64a7996 100644
--- a/src/x509/x509_decoder.c
+++ b/src/x509/x509_decoder.c
@@ -238,7 +238,7 @@ static const uint8_t t0_codeblock[] = {
 	0x1A, 0x02, 0x00, 0x02, 0x01, 0x0A, 0x00, 0x01, 0x72, 0x1B, 0x01, 0x81,
 	0x00, 0x0D, 0x06, 0x01, 0x00, 0x01, 0x81, 0x00, 0x0A, 0x1B, 0x05, 0x02,
 	0x31, 0x1D, 0x03, 0x00, 0x01, 0x00, 0x02, 0x00, 0x01, 0x00, 0x12, 0x06,
-	0x19, 0x02, 0x00, 0x2A, 0x03, 0x00, 0x1B, 0x01, 0x87, 0xFF, 0xFF, 0x7F,
+	0x19, 0x02, 0x00, 0x2A, 0x03, 0x00, 0x1B, 0x01, 0x83, 0xFF, 0xFF, 0x7F,
 	0x12, 0x06, 0x02, 0x32, 0x1D, 0x01, 0x08, 0x0E, 0x26, 0x72, 0x23, 0x09,
 	0x04, 0x60, 0x00, 0x00, 0x6A, 0x5E, 0x00, 0x00, 0x6B, 0x7A, 0x00, 0x00,
 	0x70, 0x4E, 0x6B, 0x00, 0x01, 0x6B, 0x1B, 0x05, 0x02, 0x36, 0x1D, 0x72,
diff --git a/src/x509/x509_minimal.c b/src/x509/x509_minimal.c
index 037db84..0476a29 100644
--- a/src/x509/x509_minimal.c
+++ b/src/x509/x509_minimal.c
@@ -709,7 +709,7 @@ static const uint8_t t0_codeblock[] = {
 	0x01, 0x0A, 0x00, 0x01, 0xB7, 0x25, 0x01, 0x81, 0x00, 0x0D, 0x06, 0x01,
 	0x00, 0x01, 0x81, 0x00, 0x0A, 0x25, 0x05, 0x02, 0x4E, 0x28, 0x03, 0x00,
 	0x01, 0x00, 0x02, 0x00, 0x01, 0x00, 0x12, 0x06, 0x19, 0x02, 0x00, 0x41,
-	0x03, 0x00, 0x25, 0x01, 0x87, 0xFF, 0xFF, 0x7F, 0x12, 0x06, 0x02, 0x4F,
+	0x03, 0x00, 0x25, 0x01, 0x83, 0xFF, 0xFF, 0x7F, 0x12, 0x06, 0x02, 0x4F,
 	0x28, 0x01, 0x08, 0x0E, 0x3B, 0xB7, 0x34, 0x09, 0x04, 0x60, 0x00, 0x00,
 	0xA9, 0x93, 0x00, 0x00, 0xAA, 0xBF, 0x00, 0x00, 0xB0, 0x75, 0xAA, 0x00,
 	0x01, 0xAA, 0x25, 0x05, 0x02, 0x54, 0x28, 0xB7, 0x25, 0x01, 0x81, 0x00,