Check for negative return for signature size.Addresses Coverity 1442933
authorPauli <paul.dale@oracle.com>
Mon, 4 Mar 2019 03:37:39 +0000 (13:37 +1000)
committerPauli <paul.dale@oracle.com>
Mon, 4 Mar 2019 03:39:09 +0000 (13:39 +1000)
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8392)

test/ecdsatest.c

index 03327a2..761832f 100644 (file)
@@ -205,6 +205,7 @@ static int test_builtin(int n)
     EVP_MD_CTX *mctx = NULL;
     size_t sig_len;
     int nid, ret = 0;
+    int temp;
 
     nid = curves[n].nid;
 
@@ -231,9 +232,10 @@ static int test_builtin(int n)
         || !TEST_true(EVP_PKEY_assign_EC_KEY(pkey_neg, eckey_neg)))
         goto err;
 
-    sig_len = ECDSA_size(eckey);
+    temp = ECDSA_size(eckey);
 
-    if (!TEST_ptr(sig = OPENSSL_malloc(sig_len))
+    if (!TEST_int_ge(temp, 0)
+        || !TEST_ptr(sig = OPENSSL_malloc(sig_len = (size_t)temp))
         /* create a signature */
         || !TEST_true(EVP_DigestSignInit(mctx, NULL, NULL, NULL, pkey))
         || !TEST_true(EVP_DigestSign(mctx, sig, &sig_len, tbs, sizeof(tbs)))