From d2ab55eb5ba5ffcca96253224c20ee1269b39b72 Mon Sep 17 00:00:00 2001
From: Ben Laurie <ben@links.org>
Date: Sat, 5 Jul 2014 14:59:33 +0100
Subject: [PATCH] Reduce casting nastiness.

---
 ssl/s3_pkt.c  | 11 +++++++++--
 ssl/ssl.h     |  1 +
 ssl/ssl_err.c |  1 +
 3 files changed, 11 insertions(+), 2 deletions(-)

diff --git a/ssl/s3_pkt.c b/ssl/s3_pkt.c
index 243992542b..dab2bd766f 100644
--- a/ssl/s3_pkt.c
+++ b/ssl/s3_pkt.c
@@ -643,6 +643,13 @@ int ssl3_write_bytes(SSL *s, int type, const void *buf_, int len)
 #endif
 	SSL3_BUFFER *wb=&(s->s3->wbuf);
 	int i;
+	unsigned int u_len = (unsigned int)len;
+
+	if (len < 0)
+		{
+		SSLerr(SSL_F_SSL3_WRITE_BYTES,SSL_R_SSL_NEGATIVE_LENGTH);
+		return -1;
+		}
 
 	s->rwstate=SSL_NOTHING;
 	OPENSSL_assert(s->s3->wnum <= INT_MAX);
@@ -697,7 +704,7 @@ int ssl3_write_bytes(SSL *s, int type, const void *buf_, int len)
 	 * compromise is considered worthy.
 	 */
 	if (type==SSL3_RT_APPLICATION_DATA &&
-	    len >= 4*(int)(max_send_fragment=s->max_send_fragment) &&
+	    u_len >= 4*(max_send_fragment=s->max_send_fragment) &&
 	    s->compress==NULL && s->msg_callback==NULL &&
 	    !SSL_USE_ETM(s) && SSL_USE_EXPLICIT_IV(s) &&
 	    EVP_CIPHER_flags(s->enc_write_ctx->cipher)&EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK)
@@ -718,7 +725,7 @@ int ssl3_write_bytes(SSL *s, int type, const void *buf_, int len)
 					EVP_CTRL_TLS1_1_MULTIBLOCK_MAX_BUFSIZE,
 					max_send_fragment,NULL);
 
-			if (len>=8*(int)max_send_fragment)	packlen *= 8;
+			if (u_len >= 8*max_send_fragment)	packlen *= 8;
 			else				packlen *= 4;
 
 			wb->buf=OPENSSL_malloc(packlen);
diff --git a/ssl/ssl.h b/ssl/ssl.h
index c434b86a54..d44a9d5e97 100644
--- a/ssl/ssl.h
+++ b/ssl/ssl.h
@@ -3057,6 +3057,7 @@ void ERR_load_SSL_strings(void);
 #define SSL_R_SSL_CTX_HAS_NO_DEFAULT_SSL_VERSION	 228
 #define SSL_R_SSL_HANDSHAKE_FAILURE			 229
 #define SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS		 230
+#define SSL_R_SSL_NEGATIVE_LENGTH			 372
 #define SSL_R_SSL_SESSION_ID_CALLBACK_FAILED		 301
 #define SSL_R_SSL_SESSION_ID_CONFLICT			 302
 #define SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG		 273
diff --git a/ssl/ssl_err.c b/ssl/ssl_err.c
index 258d408f54..70a2a73c36 100644
--- a/ssl/ssl_err.c
+++ b/ssl/ssl_err.c
@@ -551,6 +551,7 @@ static ERR_STRING_DATA SSL_str_reasons[]=
 {ERR_REASON(SSL_R_SSL_CTX_HAS_NO_DEFAULT_SSL_VERSION),"ssl ctx has no default ssl version"},
 {ERR_REASON(SSL_R_SSL_HANDSHAKE_FAILURE) ,"ssl handshake failure"},
 {ERR_REASON(SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS),"ssl library has no ciphers"},
+{ERR_REASON(SSL_R_SSL_NEGATIVE_LENGTH)   ,"ssl negative length"},
 {ERR_REASON(SSL_R_SSL_SESSION_ID_CALLBACK_FAILED),"ssl session id callback failed"},
 {ERR_REASON(SSL_R_SSL_SESSION_ID_CONFLICT),"ssl session id conflict"},
 {ERR_REASON(SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG),"ssl session id context too long"},
-- 
2.34.1