diff options
author | Benjamin Kaduk <bkaduk@akamai.com> | 2021-02-24 13:38:25 -0800 |
---|---|---|
committer | Benjamin Kaduk <bkaduk@akamai.com> | 2021-02-26 15:42:59 -0800 |
commit | 90b4247cc5dca58cee9da5f6975bb38fd200100a (patch) | |
tree | ee00f9c403b6234039ee8ae96e7463b02516552a /crypto | |
parent | d2ccfb9caa9f69d4980f8fe49a15a043c91b40c5 (diff) |
Check ASN1_item_ndef_i2d() return value.
Return an error instead of trying to malloc a negative number.
The other usage in this file already had a similar check, and the caller
should have put an entry on the error stack already.
Note that we only check the initial calls to obtain the encoded length,
and assume that the follow-up call to actually encode to the allocated
storage will succeed if the first one did.
Fixes: #14177
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/14308)
Diffstat (limited to 'crypto')
-rw-r--r-- | crypto/asn1/bio_ndef.c | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/crypto/asn1/bio_ndef.c b/crypto/asn1/bio_ndef.c index 87c22e897c..f1ad8d3e70 100644 --- a/crypto/asn1/bio_ndef.c +++ b/crypto/asn1/bio_ndef.c @@ -114,6 +114,8 @@ static int ndef_prefix(BIO *b, unsigned char **pbuf, int *plen, void *parg) ndef_aux = *(NDEF_SUPPORT **)parg; derlen = ASN1_item_ndef_i2d(ndef_aux->val, NULL, ndef_aux->it); + if (derlen < 0) + return 0; if ((p = OPENSSL_malloc(derlen)) == NULL) { ERR_raise(ERR_LIB_ASN1, ERR_R_MALLOC_FAILURE); return 0; |