From: Matt Caswell <matt@openssl.org>
Date: Mon, 22 Aug 2016 22:41:15 +0000 (+0100)
Subject: Sanity check an ASN1_object_size result
X-Git-Tag: OpenSSL_1_1_0~71
X-Git-Url: https://git.openssl.org/?p=openssl.git;a=commitdiff_plain;h=a36c5eabf589aef716966fbbc8772ead1205abd7

Sanity check an ASN1_object_size result

If it's negative don't try and malloc it.

Reviewed-by: Tim Hudson <tjh@openssl.org>
---

diff --git a/crypto/objects/obj_dat.c b/crypto/objects/obj_dat.c
index bb50f63c0a..259851bc00 100644
--- a/crypto/objects/obj_dat.c
+++ b/crypto/objects/obj_dat.c
@@ -373,6 +373,8 @@ ASN1_OBJECT *OBJ_txt2obj(const char *s, int no_name)
     }
     /* Work out total size */
     j = ASN1_object_size(0, i, V_ASN1_OBJECT);
+    if (j < 0)
+        return NULL;
 
     if ((buf = OPENSSL_malloc(j)) == NULL)
         return NULL;