Ensure no overflow in signed output length in do_buf#2988
Merged
torben-hansen merged 2 commits intoaws:mainfrom Feb 16, 2026
Merged
Ensure no overflow in signed output length in do_buf#2988torben-hansen merged 2 commits intoaws:mainfrom
torben-hansen merged 2 commits intoaws:mainfrom
Conversation
torben-hansen
temporarily deployed
to
auto-approve
GitHub Actions
Inactive
torben-hansen
temporarily deployed
to
auto-approve
GitHub Actions
Inactive
torben-hansen
temporarily deployed
to
auto-approve
GitHub Actions
Inactive
torben-hansen
temporarily deployed
to
auto-approve
GitHub Actions
Inactive
torben-hansen
temporarily deployed
to
auto-approve
GitHub Actions
Inactive
torben-hansen
temporarily deployed
to
auto-approve
GitHub Actions
Inactive
Codecov Report❌ Patch coverage is
Additional details and impacted files@@ Coverage Diff @@
## main #2988 +/- ##
=======================================
Coverage 78.30% 78.31%
=======================================
Files 689 689
Lines 120966 120972 +6
Branches 16988 16965 -23
=======================================
+ Hits 94720 94735 +15
+ Misses 25350 25340 -10
- Partials 896 897 +1 ☔ View full report in Codecov by Sentry. 🚀 New features to boost your workflow:
|
dkostic
approved these changes
Feb 13, 2026
| } | ||
|
|
||
| // Ensure addition doesn't overflow and corrupt the signed output length | ||
| if (len > INT_MAX - outlen) { |
Contributor
There was a problem hiding this comment.
does this hold up under our various endianness cocnerns?
Contributor
Author
There was a problem hiding this comment.
Yes, the order of the byte representation doesn't influence this kind of expression - it doesn't operate on the byte-representation.
WillChilds-Klein
approved these changes
Feb 16, 2026
Merged
justsmth
added a commit
that referenced
this pull request
Feb 20, 2026
### Description of changes: * Bump urllib3 from 2.6.0 to 2.6.3 in /tests/ci by @dependabot[bot] in #2932 * Add weekly automated check for outdated third-party test vectors by @sgmenda in #2933 * Enable Hybrid PQ KeyShares by default by @alexw91 in #2531 * Remove AVX conditional from cmake script by @torben-hansen in #2958 * openssl-ca command implementation for self-sign certificates by @skmcgrail in #2937 * Initial Framework for Using Doxygen to Document Public Header Files by @m271828 in #2908 * Move md4 out of FIPS module by @torben-hansen in #2956 * Fix image-build-windows workflow to only push on workflow_call and workflow_dispatch by @skmcgrail in #2961 * Remove FIPS counter framework and other tidying up by @torben-hansen in #2947 * Model Device Farm CI Resources in CDK by @skmcgrail in #2965 * Adds a new randomness generation API by @torben-hansen in #2963 * Migrate Android Testing to GitHub Actions by @skmcgrail in #2969 * Ensure pkcs7 checks ASN1_TYPE->type by @skmcgrail in #2968 * Fix checkout logic for android-omnibus by @skmcgrail in #2970 * Add missing env vars to check-vectors workflow step by @sgmenda in #2962 * Shorten Windows Build Directory Path by @skmcgrail in #2974 * Bump mysql cluster version by @WillChilds-Klein in #2967 * Integrate Wycheproof ML-DSA test vectors by @sgmenda in #2973 * Simplify FIPS conditional in top-level build script by @torben-hansen in #2976 * Fix aws-lc-rs CI job by @justsmth in #2966 * Add method to get type of ML-DSA instance configured under EVP PKEY by @torben-hansen in #2980 * Nmap build needs liblinear by @justsmth in #2985 * Disable SLP vectorizer for FIPS shared library builds on GCC 14+ by @geedo0 in #2977 * Update Wycheproof ECDSA test vectors and fix workflow typo by @sgmenda in #2972 * Address some CMake findings by @skmcgrail in #2979 * Bump bytes from 1.7.1 to 1.11.1 in /tests/ci/lambda by @dependabot[bot] in #2983 * Support GCC 4.8 for aarch64 by @justsmth in #2964 * Free potential memory before assigning new pointer by @torben-hansen in #2989 * Add PyOpenSSL integration test by @WillChilds-Klein in #2992 * Ensure index argument is not negative in ASN1_BIT_STRING_set_bit by @torben-hansen in #2987 * Ensure no overflow in signed output length in do_buf by @torben-hansen in #2988 * Remove redundant CPython 3.9 integration test by @WillChilds-Klein in #2996 * Ensure public key is set before verifying through ML-DSA verify by @torben-hansen in #2990 * Correct CCM nids in object definition by @torben-hansen in #2991 * Address Reported Bug Findings by @skmcgrail in #3000 * Fix CI: gcc-4.8 by @justsmth in #3011 * Fix Windows CI: use `cd /d` in run_windows_tests.bat to handle cross-drive paths by @justsmth in #3012 * Fix OPENSSL_memchr per C23 by @justsmth in #3008 * Fix argument order in `hmac_copy` by @justsmth in #3014 * Miscellaneous CI improvements by @skmcgrail in #2978 * Fix CI: mariadb by @justsmth in #3015 * Update Ubuntu 24:04 image compiler verification by @skmcgrail in #3017 * Support WASM/Emscripten by @justsmth in #2959 * Generate Rust Bindings by @justsmth in #2999 By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license and the ISC license.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
4 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Description of changes:
In some cases,
outlenwould be able to overflow. But it would require the string to be very long (hundreds of mbs). This is partially avoided byASN1_STRING_set()ensuring strings are less thanASN1_STRING_MAX. Yet, one could useASN1_STRING_set0()which doesn't require that. Latter is a void function and I can't tell what might or might not be using it. Instead just check for overflow inline. Printing function anyway.Call-outs:
Reported by Petr Praus
By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license and the ISC license.