Check for error return from ASN1_object_size

author Matt Caswell <matt@openssl.org>

Mon, 22 Aug 2016 22:39:28 +0000 (23:39 +0100)

committer Matt Caswell <matt@openssl.org>

Mon, 22 Aug 2016 23:19:15 +0000 (00:19 +0100)
author Matt Caswell <matt@openssl.org>
Mon, 22 Aug 2016 22:39:28 +0000 (23:39 +0100)
committer Matt Caswell <matt@openssl.org>
Mon, 22 Aug 2016 23:19:15 +0000 (00:19 +0100)
diff --git a/crypto/ocsp/ocsp_ext.c b/crypto/ocsp/ocsp_ext.c

index 151cafaca45d0e34c2dc50989f5116381205d862..e60a8d3677adcfc4d119ce5ebb4a83756ca53765 100644 (file)
--- a/crypto/ocsp/ocsp_ext.c
+++ b/crypto/ocsp/ocsp_ext.c
@@ -256,6 +256,9 @@ static int ocsp_add1_nonce(STACK_OF(X509_EXTENSION) **exts,
       * relies on library internals.
       */
      os.length = ASN1_object_size(0, len, V_ASN1_OCTET_STRING);
+    if (os.length < 0)
+        goto err;
+
      os.data = OPENSSL_malloc(os.length);
      if (os.data == NULL)
          goto err;
author	Matt Caswell <matt@openssl.org>
	Mon, 22 Aug 2016 22:39:28 +0000 (23:39 +0100)
committer	Matt Caswell <matt@openssl.org>
	Mon, 22 Aug 2016 23:19:15 +0000 (00:19 +0100)