From 87a8405b66e94cbfc40c44104c3b52f342a623d5 Mon Sep 17 00:00:00 2001 From: David Benjamin Date: Wed, 27 Apr 2016 20:02:35 -0400 Subject: [PATCH] Avoid overflow issues in X509_cmp. MIME-Version: 1.0 Content-Type: text/plain; charset=utf8 Content-Transfer-Encoding: 8bit The length is a long, so returning the difference does not quite work. Thanks to Torbjörn Granlund for noticing. Reviewed-by: Rich Salz Reviewed-by: Richard Levitte --- crypto/x509/x509_cmp.c | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/crypto/x509/x509_cmp.c b/crypto/x509/x509_cmp.c index d3b2c199b9..831cfb70f0 100644 --- a/crypto/x509/x509_cmp.c +++ b/crypto/x509/x509_cmp.c @@ -187,9 +187,10 @@ int X509_cmp(const X509 *a, const X509 *b) return rv; /* Check for match against stored encoding too */ if (!a->cert_info.enc.modified && !b->cert_info.enc.modified) { - rv = (int)(a->cert_info.enc.len - b->cert_info.enc.len); - if (rv) - return rv; + if (a->cert_info.enc.len < b->cert_info.enc.len) + return -1; + if (a->cert_info.enc.len > b->cert_info.enc.len) + return 1; return memcmp(a->cert_info.enc.enc, b->cert_info.enc.enc, a->cert_info.enc.len); } -- 2.25.1