Check for error return from ASN1_object_size

Otherwise we try to malloc a -1 size. Reviewed-by: Tim Hudson <tjh@openssl.org>
author: Matt Caswell <matt@openssl.org> 2016-08-22 23:39:28 +0100
committer: Matt Caswell <matt@openssl.org> 2016-08-23 00:19:15 +0100
commit: b197257d71694fd52ab61d173f77c8a120d3eead (patch)
tree: 65241f3b1a5d8b34b03281de1cb5b608f7c9cfe2
parent: 4d94bd362dc297c8496a479d1059ec3192fd8bbe (diff)
1 files changed, 3 insertions, 0 deletions
diff --git a/crypto/ocsp/ocsp_ext.c b/crypto/ocsp/ocsp_ext.c
index 151cafaca4..e60a8d3677 100644
--- a/crypto/ocsp/ocsp_ext.c
+++ b/crypto/ocsp/ocsp_ext.c
@@ -256,6 +256,9 @@ static int ocsp_add1_nonce(STACK_OF(X509_EXTENSION) **exts,
      * relies on library internals.
      */
     os.length = ASN1_object_size(0, len, V_ASN1_OCTET_STRING);
+    if (os.length < 0)
+        goto err;
+
     os.data = OPENSSL_malloc(os.length);
     if (os.data == NULL)
         goto err;
author	Matt Caswell <matt@openssl.org>	2016-08-22 23:39:28 +0100
committer	Matt Caswell <matt@openssl.org>	2016-08-23 00:19:15 +0100
commit	b197257d71694fd52ab61d173f77c8a120d3eead (patch)
tree	65241f3b1a5d8b34b03281de1cb5b608f7c9cfe2
parent	4d94bd362dc297c8496a479d1059ec3192fd8bbe (diff)