Check ASN1_item_ndef_i2d() return value.

Return an error instead of trying to malloc a negative number. The other usage in this file already had a similar check, and the caller should have put an entry on the error stack already. Note that we only check the initial calls to obtain the encoded length, and assume that the follow-up call to actually encode to the allocated storage will succeed if the first one did. Fixes: #14177 Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/14308)
author: Benjamin Kaduk <bkaduk@akamai.com> 2021-02-24 13:38:25 -0800
committer: Benjamin Kaduk <bkaduk@akamai.com> 2021-02-26 15:42:59 -0800
commit: 90b4247cc5dca58cee9da5f6975bb38fd200100a (patch)
tree: ee00f9c403b6234039ee8ae96e7463b02516552a /crypto
parent: d2ccfb9caa9f69d4980f8fe49a15a043c91b40c5 (diff)
1 files changed, 2 insertions, 0 deletions
diff --git a/crypto/asn1/bio_ndef.c b/crypto/asn1/bio_ndef.c
index 87c22e897c..f1ad8d3e70 100644
--- a/crypto/asn1/bio_ndef.c
+++ b/crypto/asn1/bio_ndef.c
@@ -114,6 +114,8 @@ static int ndef_prefix(BIO *b, unsigned char **pbuf, int *plen, void *parg)
     ndef_aux = *(NDEF_SUPPORT **)parg;
 
     derlen = ASN1_item_ndef_i2d(ndef_aux->val, NULL, ndef_aux->it);
+    if (derlen < 0)
+        return 0;
     if ((p = OPENSSL_malloc(derlen)) == NULL) {
         ERR_raise(ERR_LIB_ASN1, ERR_R_MALLOC_FAILURE);
         return 0;
author	Benjamin Kaduk <bkaduk@akamai.com>	2021-02-24 13:38:25 -0800
committer	Benjamin Kaduk <bkaduk@akamai.com>	2021-02-26 15:42:59 -0800
commit	90b4247cc5dca58cee9da5f6975bb38fd200100a (patch)
tree	ee00f9c403b6234039ee8ae96e7463b02516552a /crypto
parent	d2ccfb9caa9f69d4980f8fe49a15a043c91b40c5 (diff)