Avoid out-of-bounds read

Fixes CVE 2017-3735 Reviewed-by: Kurt Roeckx <kurt@roeckx.be> (Merged from https://github.com/openssl/openssl/pull/4276)
author: Rich Salz <rsalz@openssl.org> 2017-08-22 11:44:41 -0400
committer: Rich Salz <rsalz@openssl.org> 2017-08-28 13:26:26 -0400
commit: b23171744b01e473ebbfd6edad70c1c3825ffbcd (patch)
tree: ca57683b9deed6f566c37c7330b7327320144b17 /crypto/x509v3
parent: 302eba3f6dd588f1269aba4605a007ae86b583db (diff)
download: openssl-b23171744b01e473ebbfd6edad70c1c3825ffbcd.zip
openssl-b23171744b01e473ebbfd6edad70c1c3825ffbcd.tar.gz
openssl-b23171744b01e473ebbfd6edad70c1c3825ffbcd.tar.bz2
1 files changed, 6 insertions, 4 deletions
diff --git a/crypto/x509v3/v3_addr.c b/crypto/x509v3/v3_addr.c
index f4e1298..bb58e04 100644
--- a/crypto/x509v3/v3_addr.c
+++ b/crypto/x509v3/v3_addr.c
@@ -84,10 +84,12 @@ static int length_from_afi(const unsigned afi)
  */
 unsigned int X509v3_addr_get_afi(const IPAddressFamily *f)
 {
-    return ((f != NULL &&
-             f->addressFamily != NULL && f->addressFamily->data != NULL)
-            ? ((f->addressFamily->data[0] << 8) | (f->addressFamily->data[1]))
-            : 0);
+    if (f == NULL
+            || f->addressFamily == NULL
+            || f->addressFamily->data == NULL
+            || f->addressFamily->length < 2)
+        return 0;
+    return (f->addressFamily->data[0] << 8) | f->addressFamily->data[1];
 }
 
 /*
author	Rich Salz <rsalz@openssl.org>	2017-08-22 11:44:41 -0400
committer	Rich Salz <rsalz@openssl.org>	2017-08-28 13:26:26 -0400
commit	b23171744b01e473ebbfd6edad70c1c3825ffbcd (patch)
tree	ca57683b9deed6f566c37c7330b7327320144b17 /crypto/x509v3
parent	302eba3f6dd588f1269aba4605a007ae86b583db (diff)
download	openssl-b23171744b01e473ebbfd6edad70c1c3825ffbcd.zip openssl-b23171744b01e473ebbfd6edad70c1c3825ffbcd.tar.gz openssl-b23171744b01e473ebbfd6edad70c1c3825ffbcd.tar.bz2