diff options
| author | Theo de Raadt <deraadt@cvs.openbsd.org> | 2014-12-03 19:53:21 +0000 |
|---|---|---|
| committer | Theo de Raadt <deraadt@cvs.openbsd.org> | 2014-12-03 19:53:21 +0000 |
| commit | c72bee775e620373c68ad19f1afdb56ed0e7ab49 (patch) | |
| tree | d1ccaed50b30563f491ece67d909a946a815f861 | |
| parent | c35b129adcbbf28486b31be19635c768f80d16b9 (diff) | |
handle the (impossible) situation of a size_t - 1 buffer from
EC_POINT_point2oct so that later allocation does not overflow
with miod
| -rw-r--r-- | lib/libcrypto/ec/ec_print.c | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/lib/libcrypto/ec/ec_print.c b/lib/libcrypto/ec/ec_print.c index 1c142a1df59..af4d1996c0f 100644 --- a/lib/libcrypto/ec/ec_print.c +++ b/lib/libcrypto/ec/ec_print.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ec_print.c,v 1.6 2014/12/03 19:45:16 deraadt Exp $ */ +/* $OpenBSD: ec_print.c,v 1.7 2014/12/03 19:53:20 deraadt Exp $ */ /* ==================================================================== * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved. * @@ -131,7 +131,7 @@ EC_POINT_point2hex(const EC_GROUP * group, const EC_POINT * point, buf_len = EC_POINT_point2oct(group, point, form, NULL, 0, ctx); - if (buf_len == 0) + if (buf_len == 0 || buf_len + 1 == 0) return NULL; if ((buf = malloc(buf_len)) == NULL) |