Avoid overflow issues in X509_cmp.

The length is a long, so returning the difference does not quite work. Thanks to Torbjörn Granlund for noticing. Reviewed-by: N Rich Salz <rsalz@openssl.org> Reviewed-by: N Richard Levitte <levitte@openssl.org>

Avoid overflow issues in X509_cmp.
The length is a long, so returning the difference does not quite work. Thanks to Torbjörn Granlund for noticing. Reviewed-by: N Rich Salz <rsalz@openssl.org> Reviewed-by: N Richard Levitte <levitte@openssl.org>
87a8405b · David Benjamin · Richard Levitte · a1f41284 · 87a8405b
隐藏空白更改
内联并排

Showing with 4 addition and 3 deletion

crypto/x509/x509_cmp.c crypto/x509/x509_cmp.c +4 -3

未找到文件。
--- a/crypto/x509/x509_cmp.c
+++ b/crypto/x509/x509_cmp.c
@@ -187,9 +187,10 @@ int X509_cmp(const X509 *a, const X509 *b)
        return rv;
    /* Check for match against stored encoding too */
    if (!a->cert_info.enc.modified && !b->cert_info.enc.modified) {
-        rv = (int)(a->cert_info.enc.len - b->cert_info.enc.len);
-        if (rv)
-            return rv;
+        if (a->cert_info.enc.len < b->cert_info.enc.len)
+            return -1;
+        if (a->cert_info.enc.len > b->cert_info.enc.len)
+            return 1;
        return memcmp(a->cert_info.enc.enc, b->cert_info.enc.enc,
                      a->cert_info.enc.len);
    }