projects
/
openssl.git
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
|
inline
| side by side
Ensure EVP_EncodeUpdate handles an output length that is too long
[openssl.git]
/
crypto
/
evp
/
encode.c
diff --git
a/crypto/evp/encode.c
b/crypto/evp/encode.c
index 6f862fa2dd2c8c158437d225b7683806d7c673ea..ee105434b5d665dcc47f599229dc468dfd4bcfb0 100644
(file)
--- a/
crypto/evp/encode.c
+++ b/
crypto/evp/encode.c
@@
-56,6
+56,7
@@
*/
#include <stdio.h>
*/
#include <stdio.h>
+#include <limits.h>
#include "internal/cryptlib.h"
#include <openssl/evp.h>
#include "evp_locl.h"
#include "internal/cryptlib.h"
#include <openssl/evp.h>
#include "evp_locl.h"
@@
-165,7
+166,7
@@
void EVP_EncodeUpdate(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl,
const unsigned char *in, int inl)
{
int i, j;
const unsigned char *in, int inl)
{
int i, j;
-
unsigned in
t total = 0;
+
size_
t total = 0;
*outl = 0;
if (inl <= 0)
*outl = 0;
if (inl <= 0)
@@
-188,7
+189,7
@@
void EVP_EncodeUpdate(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl,
*out = '\0';
total = j + 1;
}
*out = '\0';
total = j + 1;
}
- while (inl >= ctx->length) {
+ while (inl >= ctx->length
&& total <= INT_MAX
) {
j = EVP_EncodeBlock(out, in, ctx->length);
in += ctx->length;
inl -= ctx->length;
j = EVP_EncodeBlock(out, in, ctx->length);
in += ctx->length;
inl -= ctx->length;
@@
-197,6
+198,11
@@
void EVP_EncodeUpdate(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl,
*out = '\0';
total += j + 1;
}
*out = '\0';
total += j + 1;
}
+ if (total > INT_MAX) {
+ /* Too much output data! */
+ *outl = 0;
+ return;
+ }
if (inl != 0)
memcpy(&(ctx->enc_data[0]), in, inl);
ctx->num = inl;
if (inl != 0)
memcpy(&(ctx->enc_data[0]), in, inl);
ctx->num = inl;