projects / openssl.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Fix CID 1454808: Error handling issues NEGATIVE_RETURNS (PKCS7_dataDecode())
[openssl.git] / crypto / pkcs7 / pk7_doit.c
diff --git a/crypto/pkcs7/pk7_doit.c b/crypto/pkcs7/pk7_doit.c
index 3e2065244d00c88035bb016d72a024b1d5c08e46..718b6f3899da4202aad0753b43eda84a67924128 100644 (file)
--- a/crypto/pkcs7/pk7_doit.c
+++ b/crypto/pkcs7/pk7_doit.c
@@ -361,7 +361,7 @@ static int pkcs7_cmp_ri(PKCS7_RECIP_INFO *ri, X509 *pcert)
 /* int */
 BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert)
 {
-    int i, j;
+    int i, j, len;
     BIO *out = NULL, *btmp = NULL, *etmp = NULL, *bio = NULL;
     X509_ALGOR *xa;
     ASN1_OCTET_STRING *data_body = NULL;
@@ -524,7 +524,10 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert)
         if (EVP_CIPHER_asn1_to_param(evp_ctx, enc_alg->parameter) < 0)
             goto err;
         /* Generate random key as MMA defence */
-        tkeylen = EVP_CIPHER_CTX_key_length(evp_ctx);
+        len = EVP_CIPHER_CTX_key_length(evp_ctx);
+        if (len <= 0)
+            goto err;
+        tkeylen = (size_t)len;
         tkey = OPENSSL_malloc(tkeylen);
         if (tkey == NULL)
             goto err;
Unnamed repository; edit this file 'description' to name the repository.