Add a sanity check to DES_enc_write to ensure the buffer length provided
is not negative. Thanks to Kevin Wojtysiak (Int3 Solutions) and Paramjot
Oberoi (Int3 Solutions) for reporting this issue.
Reviewed-by: Andy Polyakov <appro@openssl.org>
const unsigned char *cp;
static int start = 1;
const unsigned char *cp;
static int start = 1;
+ if (len < 0)
+ return -1;
+
if (outbuf == NULL) {
outbuf = OPENSSL_malloc(BSIZE + HDRSIZE);
if (outbuf == NULL)
if (outbuf == NULL) {
outbuf = OPENSSL_malloc(BSIZE + HDRSIZE);
if (outbuf == NULL)