Reject len < -1 in ASN1_mbstring_ncopy

[samuel40791765]

Issues:

Addresses V2196133741

Description of changes:

ASN1_mbstring_ncopy treats len == -1 as "call strlen on in". Any other negative value fell through unchanged and was cast to size_t by CBS_init, producing a huge length. Adds an explicit early reject for len < -1 with ASN1_R_ILLEGAL_FORMAT; -1 and non-negative values continue to behave as before.

Call-outs:

None.

Testing:

Existing ASN.1 string tests continue to pass.

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license and the ISC license.

[justsmth]

NP: We could add testing to the end of TEST(ASN1Test, MBString)

  // |len| values below -1 must be rejected. Only -1 is special-cased to mean
  // "call strlen on |in|"; any other negative value would otherwise be cast to
  // a huge |size_t| by |CBS_init|.
  static const uint8_t kDummy[] = {'a'};
  for (ossl_ssize_t bad_len : {(ossl_ssize_t)-2, (ossl_ssize_t)INT_MIN,
                               std::numeric_limits<ossl_ssize_t>::min()}) {
    SCOPED_TRACE(bad_len);
    EXPECT_EQ(-1, ASN1_mbstring_copy(nullptr, kDummy, bad_len, MBSTRING_UTF8,
                                     B_ASN1_UTF8STRING));
    ERR_clear_error();
    ASN1_STRING *str = nullptr;
    EXPECT_EQ(-1, ASN1_mbstring_ncopy(&str, kDummy, bad_len, MBSTRING_UTF8,
                                      B_ASN1_UTF8STRING, /*minsize=*/0,
                                      /*maxsize=*/0));
    EXPECT_EQ(nullptr, str);
    ERR_clear_error();
  }

[codecov-commenter]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 78.13%. Comparing base (0993768) to head (e564fe8).
⚠️ Report is 20 commits behind head on main.

Additional details and impacted files

@@            Coverage Diff             @@
##             main    #3232      +/-   ##
==========================================
+ Coverage   78.08%   78.13%   +0.04%     
==========================================
  Files         689      689              
  Lines      122755   123224     +469     
  Branches    17083    17137      +54     
==========================================
+ Hits        95856    96276     +420     
- Misses      25996    26038      +42     
- Partials      903      910       +7     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.