projects
/
openssl.git
/ commitdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
| commitdiff |
tree
raw
|
patch
| inline |
side by side
(parent:
4d94bd3
)
Check for error return from ASN1_object_size
author
Matt Caswell
<matt@openssl.org>
Mon, 22 Aug 2016 22:39:28 +0000
(23:39 +0100)
committer
Matt Caswell
<matt@openssl.org>
Mon, 22 Aug 2016 23:19:15 +0000
(
00:19
+0100)
Otherwise we try to malloc a -1 size.
Reviewed-by: Tim Hudson <tjh@openssl.org>
crypto/ocsp/ocsp_ext.c
patch
|
blob
|
history
diff --git
a/crypto/ocsp/ocsp_ext.c
b/crypto/ocsp/ocsp_ext.c
index 151cafaca45d0e34c2dc50989f5116381205d862..e60a8d3677adcfc4d119ce5ebb4a83756ca53765 100644
(file)
--- a/
crypto/ocsp/ocsp_ext.c
+++ b/
crypto/ocsp/ocsp_ext.c
@@
-256,6
+256,9
@@
static int ocsp_add1_nonce(STACK_OF(X509_EXTENSION) **exts,
* relies on library internals.
*/
os.length = ASN1_object_size(0, len, V_ASN1_OCTET_STRING);
+ if (os.length < 0)
+ goto err;
+
os.data = OPENSSL_malloc(os.length);
if (os.data == NULL)
goto err;