Fix faulty check of padding in x_long.c

Bug uncovered by test

[extended tests]

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3088)

diff --git a/crypto/asn1/x_long.c b/crypto/asn1/x_long.c
index 615d24df088fec0ed90fd9e27ace1aa2e6cb4921..a7b90231c0e6f790158cd0e807779630ee8e340e 100644 (file)
--- a/crypto/asn1/x_long.c
+++ b/crypto/asn1/x_long.c
@@ -110,7 +110,7 @@ static int long_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len,
     unsigned long utmp = 0;
     char *cp = (char *)pval;
 
-    if (len) {
+    if (len > 1) {
         /*
          * Check possible pad byte.  Worst case, we're skipping past actual
          * content, but since that's only with 0x00 and 0xff and we set neg
@@ -120,7 +120,7 @@ static int long_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len,
         case 0xff:
             cont++;
             len--;
-            neg = 1;
+            neg = 0x80;
             break;
         case 0:
             cont++;
@@ -139,6 +139,9 @@ static int long_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len,
             neg = 1;
         else
             neg = 0;
+    } else if (neg == (cont[0] & 0x80)) {
+        ASN1err(ASN1_F_LONG_C2I, ASN1_R_ILLEGAL_PADDING);
+        return 0;
     }
     utmp = 0;
     for (i = 0; i < len; i++) {