speed: range check the argument given to -multi

For machines where sizeof(size_t) == sizeof(int) there is a possible overflow which could cause a crash. For machines where sizeof(size_t) > sizeof(int), the existing checks adequately detect the situation. Fixes #16899 Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/16904)
author: Pauli <pauli@openssl.org> 2021-10-25 11:16:01 +1000
committer: Pauli <pauli@openssl.org> 2021-10-27 08:26:12 +1000
commit: 7220085f22cf6c49933ea8287eb15db57f7ab0db (patch)
tree: d440899f0e3d28bb6385c9c52fe440da4c1f50fa /apps/speed.c
parent: 089df6f135b7cef4e7d0e7b7acecb1d90f5ef3ed (diff)
1 files changed, 4 insertions, 0 deletions
diff --git a/apps/speed.c b/apps/speed.c
index 1e5295398f..4dd9ce0885 100644
--- a/apps/speed.c
+++ b/apps/speed.c
@@ -1540,6 +1540,10 @@ int speed_main(int argc, char **argv)
         case OPT_MULTI:
 #ifndef NO_FORK
             multi = atoi(opt_arg());
+            if ((size_t)multi >= SIZE_MAX / sizeof(int)) {
+                BIO_printf(bio_err, "%s: multi argument too large\n", prog);
+                return 0;
+            }
 #endif
             break;
         case OPT_ASYNCJOBS:
author	Pauli <pauli@openssl.org>	2021-10-25 11:16:01 +1000
committer	Pauli <pauli@openssl.org>	2021-10-27 08:26:12 +1000
commit	7220085f22cf6c49933ea8287eb15db57f7ab0db (patch)
tree	d440899f0e3d28bb6385c9c52fe440da4c1f50fa /apps/speed.c
parent	089df6f135b7cef4e7d0e7b7acecb1d90f5ef3ed (diff)