From 29b9da7821a13089ea3b8eed4a40beb9dd5ef0ee Mon Sep 17 00:00:00 2001 From: Willy Tarreau Date: Wed, 29 Apr 2026 10:02:11 +0200 Subject: [PATCH] CLEANUP: jwe: fix theoretical overflow in AAD length calculation The expression items[JWE_ELT_JOSE].length << 3 performs the shift on an unsigned int (32-bit) before being cast to uint64_t instead of after. This means that we don't cover for a possible overflow (which would never happen as it would need a header length beyond 512MB). At least fixing it will avoid code check reports. --- src/jwe.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/jwe.c b/src/jwe.c index 2b8eafe59..27762c8d3 100644 --- a/src/jwe.c +++ b/src/jwe.c @@ -448,7 +448,7 @@ static int build_and_check_tag(jwe_enc enc, struct jwt_item items[JWE_ELT_MAX], int retval = 1; const EVP_MD *hash = NULL; int mac_key_len = 0; - uint64_t aad_len = my_htonll(items[JWE_ELT_JOSE].length << 3); + uint64_t aad_len = my_htonll((uint64_t)items[JWE_ELT_JOSE].length << 3); struct buffer *tag_data = alloc_trash_chunk(); struct buffer *hmac = alloc_trash_chunk();