Avoid out-of-bounds read

Fixes CVE 2017-3735 Reviewed-by: N Kurt Roeckx <kurt@roeckx.be> (Merged from https://github.com/openssl/openssl/pull/4276)

Avoid out-of-bounds read
Fixes CVE 2017-3735 Reviewed-by: N Kurt Roeckx <kurt@roeckx.be> (Merged from https://github.com/openssl/openssl/pull/4276)
b2317174 · Rich Salz · 302eba3f · b2317174
隐藏空白更改
内联并排

Showing with 6 addition and 4 deletion

crypto/x509v3/v3_addr.c crypto/x509v3/v3_addr.c +6 -4

未找到文件。
--- a/crypto/x509v3/v3_addr.c
+++ b/crypto/x509v3/v3_addr.c
@@ -84,10 +84,12 @@ static int length_from_afi(const unsigned afi)
 */
 unsigned int X509v3_addr_get_afi(const IPAddressFamily *f)
 {
-    return ((f != NULL &&
+    if (f == NULL
-             f->addressFamily != NULL && f->addressFamily->data != NULL)
+            || f->addressFamily == NULL
-            ? ((f->addressFamily->data[0] << 8) | (f->addressFamily->data[1]))
+            || f->addressFamily->data == NULL
-            : 0);
+            || f->addressFamily->length < 2)
+        return 0;
+    return (f->addressFamily->data[0] << 8) | f->addressFamily->data[1];
 }
 /*