Use malloc/memset not calloc for WinCE portability

Fixes: #2539 Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4594)
author: Richard Levitte <levitte@openssl.org> 2017-10-26 20:49:47 +0200
committer: Richard Levitte <levitte@openssl.org> 2017-10-26 22:34:32 +0200
commit: 217534323ec4917c754fb454bf77b6d2ff551e23 (patch)
tree: a0a544e7f8e3d65ad74438c1ade7c434d1d6a665
parent: 44cbf6a9fe7db112ae2ed189412ab9e5205028b1 (diff)
1 files changed, 17 insertions, 2 deletions
diff --git a/crypto/LPdir_win.c b/crypto/LPdir_win.c
index 07e63fb424..4961254d9a 100644
--- a/crypto/LPdir_win.c
+++ b/crypto/LPdir_win.c
@@ -94,8 +94,23 @@ const char *LP_find_file(LP_DIR_CTX **ctx, const char *directory)
             TCHAR *wdir = NULL;
             /* len_0 denotes string length *with* trailing 0 */
             size_t index = 0, len_0 = strlen(extdir) + 1;
-
-            wdir = (TCHAR *)calloc(len_0, sizeof(TCHAR));
+            size_t amount;
+
+            /*
+             * Size check
+             * The reasoning is that absolutely worst case, each byte in
+             * extdir will take up one TCHAR each, so the maximum size in
+             * bytes that we can tolerate is MAX_PATH TCHARs...  not counting
+             * the ending NUL.
+             */
+            if ((len_0 - 1) > MAX_PATH * sizeof(TCHAR)) {
+                free(*ctx);
+                *ctx = NULL;
+                errno = EINVAL;
+                return 0;
+            }
+            amount = len_0 * sizeof(TCHAR);
+            wdir = (TCHAR *)malloc(amount);
             if (wdir == NULL) {
                 if (extdirbuf != NULL) {
                     free(extdirbuf);
author	Richard Levitte <levitte@openssl.org>	2017-10-26 20:49:47 +0200
committer	Richard Levitte <levitte@openssl.org>	2017-10-26 22:34:32 +0200
commit	217534323ec4917c754fb454bf77b6d2ff551e23 (patch)
tree	a0a544e7f8e3d65ad74438c1ade7c434d1d6a665
parent	44cbf6a9fe7db112ae2ed189412ab9e5205028b1 (diff)