handle the (impossible) situation of a size_t - 1 buffer from

EC_POINT_point2oct so that later allocation does not overflow with miod
author: deraadt <> 2014-12-03 19:53:20 +0000
committer: deraadt <> 2014-12-03 19:53:20 +0000
commit: 3a55949b558e3f8f9d11f65223b657b592b83bbe (patch)
tree: c25be1009bbd150bf7dbc739a04989431fa8f488
parent: 39e2aa4a9102c4b61c852837948074b704e5d68e (diff)
download: openbsd-3a55949b558e3f8f9d11f65223b657b592b83bbe.tar.gz
openbsd-3a55949b558e3f8f9d11f65223b657b592b83bbe.tar.bz2
openbsd-3a55949b558e3f8f9d11f65223b657b592b83bbe.zip
2 files changed, 4 insertions, 4 deletions
diff --git a/src/lib/libcrypto/ec/ec_print.c b/src/lib/libcrypto/ec/ec_print.c
index 1c142a1df5..af4d1996c0 100644
--- a/src/lib/libcrypto/ec/ec_print.c
+++ b/src/lib/libcrypto/ec/ec_print.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ec_print.c,v 1.6 2014/12/03 19:45:16 deraadt Exp $ */
+/* $OpenBSD: ec_print.c,v 1.7 2014/12/03 19:53:20 deraadt Exp $ */
 /* ====================================================================
 * Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.
 *
@@ -131,7 +131,7 @@ EC_POINT_point2hex(const EC_GROUP * group, const EC_POINT * point,
        buf_len = EC_POINT_point2oct(group, point, form,
            NULL, 0, ctx);
-        if (buf_len == 0)
+        if (buf_len == 0 || buf_len + 1 == 0)
                return NULL;
        if ((buf = malloc(buf_len)) == NULL)
diff --git a/src/lib/libssl/src/crypto/ec/ec_print.c b/src/lib/libssl/src/crypto/ec/ec_print.c
index 1c142a1df5..af4d1996c0 100644
--- a/src/lib/libssl/src/crypto/ec/ec_print.c
+++ b/src/lib/libssl/src/crypto/ec/ec_print.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ec_print.c,v 1.6 2014/12/03 19:45:16 deraadt Exp $ */
+/* $OpenBSD: ec_print.c,v 1.7 2014/12/03 19:53:20 deraadt Exp $ */
 /* ====================================================================
 * Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.
 *
@@ -131,7 +131,7 @@ EC_POINT_point2hex(const EC_GROUP * group, const EC_POINT * point,
        buf_len = EC_POINT_point2oct(group, point, form,
            NULL, 0, ctx);
-        if (buf_len == 0)
+        if (buf_len == 0 || buf_len + 1 == 0)
                return NULL;
        if ((buf = malloc(buf_len)) == NULL)
author	deraadt <>	2014-12-03 19:53:20 +0000
committer	deraadt <>	2014-12-03 19:53:20 +0000
commit	3a55949b558e3f8f9d11f65223b657b592b83bbe (patch)
tree	c25be1009bbd150bf7dbc739a04989431fa8f488
parent	39e2aa4a9102c4b61c852837948074b704e5d68e (diff)
download	openbsd-3a55949b558e3f8f9d11f65223b657b592b83bbe.tar.gz openbsd-3a55949b558e3f8f9d11f65223b657b592b83bbe.tar.bz2 openbsd-3a55949b558e3f8f9d11f65223b657b592b83bbe.zip

diff --git a/src/lib/libcrypto/ec/ec_print.c b/src/lib/libcrypto/ec/ec_print.c index 1c142a1df5..af4d1996c0 100644 --- a/src/lib/libcrypto/ec/ec_print.c +++ b/src/lib/libcrypto/ec/ec_print.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: ec_print.c,v 1.6 2014/12/03 19:45:16 deraadt Exp $ */	1	/* $OpenBSD: ec_print.c,v 1.7 2014/12/03 19:53:20 deraadt Exp $ */
2	/* ====================================================================	2	/* ====================================================================
3	* Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved.	3	* Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved.
4	*	4	*
@@ -131,7 +131,7 @@ EC_POINT_point2hex(const EC_GROUP * group, const EC_POINT * point,
131		131
132	buf_len = EC_POINT_point2oct(group, point, form,	132	buf_len = EC_POINT_point2oct(group, point, form,
133	NULL, 0, ctx);	133	NULL, 0, ctx);
134	if (buf_len == 0)	134	if (buf_len == 0 \|\| buf_len + 1 == 0)
135	return NULL;	135	return NULL;
136		136
137	if ((buf = malloc(buf_len)) == NULL)	137	if ((buf = malloc(buf_len)) == NULL)


diff --git a/src/lib/libssl/src/crypto/ec/ec_print.c b/src/lib/libssl/src/crypto/ec/ec_print.c index 1c142a1df5..af4d1996c0 100644 --- a/src/lib/libssl/src/crypto/ec/ec_print.c +++ b/src/lib/libssl/src/crypto/ec/ec_print.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: ec_print.c,v 1.6 2014/12/03 19:45:16 deraadt Exp $ */	1	/* $OpenBSD: ec_print.c,v 1.7 2014/12/03 19:53:20 deraadt Exp $ */
2	/* ====================================================================	2	/* ====================================================================
3	* Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved.	3	* Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved.
4	*	4	*
@@ -131,7 +131,7 @@ EC_POINT_point2hex(const EC_GROUP * group, const EC_POINT * point,
131		131
132	buf_len = EC_POINT_point2oct(group, point, form,	132	buf_len = EC_POINT_point2oct(group, point, form,
133	NULL, 0, ctx);	133	NULL, 0, ctx);
134	if (buf_len == 0)	134	if (buf_len == 0 \|\| buf_len + 1 == 0)
135	return NULL;	135	return NULL;
136		136
137	if ((buf = malloc(buf_len)) == NULL)	137	if ((buf = malloc(buf_len)) == NULL)