From 31c8b265591a0aaa462a1f3eb5770661aaac67db Mon Sep 17 00:00:00 2001 From: Rich Salz Date: Tue, 22 Aug 2017 11:44:41 -0400 Subject: [PATCH] Avoid out-of-bounds read Fixes CVE 2017-3735 Reviewed-by: Kurt Roeckx (Merged from https://github.com/openssl/openssl/pull/4276) (cherry picked from commit b23171744b01e473ebbfd6edad70c1c3825ffbcd) --- crypto/x509v3/v3_addr.c | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/crypto/x509v3/v3_addr.c b/crypto/x509v3/v3_addr.c index 1290dec9bb..af080a04f2 100644 --- a/crypto/x509v3/v3_addr.c +++ b/crypto/x509v3/v3_addr.c @@ -130,10 +130,12 @@ static int length_from_afi(const unsigned afi) */ unsigned int v3_addr_get_afi(const IPAddressFamily *f) { - return ((f != NULL && - f->addressFamily != NULL && f->addressFamily->data != NULL) - ? ((f->addressFamily->data[0] << 8) | (f->addressFamily->data[1])) - : 0); + if (f == NULL + || f->addressFamily == NULL + || f->addressFamily->data == NULL + || f->addressFamily->length < 2) + return 0; + return (f->addressFamily->data[0] << 8) | f->addressFamily->data[1]; } /* -- 2.25.1