mirror of
https://github.com/RGBCube/serenity
synced 2025-07-26 05:47:34 +00:00
LibCrypto: Fix bound checks when reading bitmaps
This only affects malformed RSA keys. Instead of accepting and
continuing with potentially broken pointers (and in ASAN, crashing), we
now consider bitmaps malformed, and stop parsing.
Found by OSS Fuzz: #31698, long-standing-bug:
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=31698
Fun fact: The "if" only exists because of OSS Fuzz.
8cc279ed74
parent
3e0266c9e9
commit
05d49cc0cb
2 changed files with 1 additions and 4 deletions
|
@ -176,7 +176,7 @@ Result<const BitmapView, DecodeError> Decoder::decode_bit_string(ReadonlyBytes d
|
|||
return DecodeError::InvalidInputFormat;
|
||||
|
||||
auto unused_bits = data[0];
|
||||
auto total_size_in_bits = data.size() * 8;
|
||||
auto total_size_in_bits = (data.size() - 1) * 8;
|
||||
|
||||
if (unused_bits > total_size_in_bits)
|
||||
return DecodeError::Overflow;
|
||||
|
|
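Review bot: the comparison `if (unused_bits > total_size_in_bits)` that follows the corrected size computation still accepts an unused-bits octet of 8 through 255 whenever the payload is long enough, although X.690 restricts that octet to the range 0 to 7. Consider rejecting `unused_bits > 7` with InvalidInputFormat before the size comparison, which would also make the intent of the check easier to read. Separately, `(data.size() - 1) * 8` wraps around if `data` is empty; the early `return DecodeError::InvalidInputFormat;` at the top of the hunk looks like the guard for that, but its condition lies outside the visible context, so please confirm it covers `data.size() == 0`. A regression test built from the OSS Fuzz reproducer would keep the off-by-one from coming back.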