Add more negative checks for integers passed to OPENSSL_malloc().

Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14830)
author: Shane Lontis <shane.lontis@oracle.com> 2021-04-12 13:58:14 +1000
committer: Shane Lontis <shane.lontis@oracle.com> 2021-04-16 12:10:08 +1000
commit: 42e7d2f10e3658c0c248df8a6edf3c48c477e4b0 (patch)
tree: 1122340c23e67327e2673fd516c5be2dc666e228 /crypto/ess
parent: 34ed73339602c361d09fe4233d65cef996356239 (diff)
1 files changed, 4 insertions, 0 deletions
diff --git a/crypto/ess/ess_lib.c b/crypto/ess/ess_lib.c
index 96cb6d053f..ebfe5b93c7 100644
--- a/crypto/ess/ess_lib.c
+++ b/crypto/ess/ess_lib.c
@@ -223,6 +223,8 @@ int ossl_ess_signing_cert_add(PKCS7_SIGNER_INFO *si, ESS_SIGNING_CERT *sc)
     int len;
 
     len = i2d_ESS_SIGNING_CERT(sc, NULL);
+    if (len <= 0)
+        goto err;
     if ((pp = OPENSSL_malloc(len)) == NULL) {
         ERR_raise(ERR_LIB_ESS, ERR_R_MALLOC_FAILURE);
         goto err;
@@ -251,6 +253,8 @@ int ossl_ess_signing_cert_v2_add(PKCS7_SIGNER_INFO *si, ESS_SIGNING_CERT_V2 *sc)
     unsigned char *p, *pp = NULL;
     int len = i2d_ESS_SIGNING_CERT_V2(sc, NULL);
 
+    if (len <= 0)
+        goto err;
     if ((pp = OPENSSL_malloc(len)) == NULL) {
         ERR_raise(ERR_LIB_ESS, ERR_R_MALLOC_FAILURE);
         goto err;
author	Shane Lontis <shane.lontis@oracle.com>	2021-04-12 13:58:14 +1000
committer	Shane Lontis <shane.lontis@oracle.com>	2021-04-16 12:10:08 +1000
commit	42e7d2f10e3658c0c248df8a6edf3c48c477e4b0 (patch)
tree	1122340c23e67327e2673fd516c5be2dc666e228 /crypto/ess
parent	34ed73339602c361d09fe4233d65cef996356239 (diff)