From 00e38edcfb95b556a59de96e0c18343828929c8f Mon Sep 17 00:00:00 2001
From: Todd Short <tshort@akamai.com>
Date: Thu, 27 Oct 2022 10:27:29 -0400
Subject: Fix coverity 1516093 tainted scalar

|uclen| is created from three byte values, so this seems a bit
redundant, but if it makes coverity happy

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19519)
---
 ssl/t1_trce.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/ssl/t1_trce.c b/ssl/t1_trce.c
index 4725185e79..6d314c5331 100644
--- a/ssl/t1_trce.c
+++ b/ssl/t1_trce.c
@@ -1345,7 +1345,8 @@ static int ssl_print_compressed_certificates(BIO *bio, const SSL_CONNECTION *sc,
     if (!ossl_comp_has_alg(alg))
         return 0;
 
-    if (uclen == 0 || (ucdata = OPENSSL_malloc(uclen)) == NULL)
+    /* Check against certificate maximum size (coverity) */
+    if (uclen == 0 || uclen > 0xFFFFFF || (ucdata = OPENSSL_malloc(uclen)) == NULL)
         return 0;
 
     switch (alg) {
-- 
cgit v1.2.3