Ensure that the requested memory size cannot exceed the limit imposed by a

size_t variable.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4357)

diff --git a/crypto/evp/pbe_scrypt.c b/crypto/evp/pbe_scrypt.c
index f04f6cda0a92c8cce6b2aa387f02546a0d62b1a3..80a1acd2ce143200cc676945b571173c75193c13 100644 (file)
--- a/crypto/evp/pbe_scrypt.c
+++ b/crypto/evp/pbe_scrypt.c
@@ -207,6 +207,8 @@ int EVP_PBE_scrypt(const char *pass, size_t passlen,
 
     if (maxmem == 0)
         maxmem = SCRYPT_MAX_MEM;
 
     if (maxmem == 0)
         maxmem = SCRYPT_MAX_MEM;

+    if (maxmem > SIZE_MAX)
+        maxmem = SIZE_MAX;

 
     if (Blen + Vlen > maxmem) {
         EVPerr(EVP_F_EVP_PBE_SCRYPT, EVP_R_MEMORY_LIMIT_EXCEEDED);
 
     if (Blen + Vlen > maxmem) {
         EVPerr(EVP_F_EVP_PBE_SCRYPT, EVP_R_MEMORY_LIMIT_EXCEEDED);