diff options
| author | djm <> | 2012-04-19 22:57:38 +0000 |
|---|---|---|
| committer | djm <> | 2012-04-19 22:57:38 +0000 |
| commit | 891102fe0de88602dbd6799f09c9578690841f95 (patch) | |
| tree | f358d1fe6ed9d8dbc7f4d5f3fa209866d553726c /src/lib/libcrypto/mem.c | |
| parent | cdaf9666b09838d78c2d0a36ef00e02b4e316c74 (diff) | |
| download | openbsd-891102fe0de88602dbd6799f09c9578690841f95.tar.gz openbsd-891102fe0de88602dbd6799f09c9578690841f95.tar.bz2 openbsd-891102fe0de88602dbd6799f09c9578690841f95.zip | |
cherrypick fix for CVE-2012-2110: libcrypto ASN.1 parsing heap overflow
ok miod@ deraadt@
Diffstat (limited to 'src/lib/libcrypto/mem.c')
| -rw-r--r-- | src/lib/libcrypto/mem.c | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/src/lib/libcrypto/mem.c b/src/lib/libcrypto/mem.c index 8f06d190a1..9ecb8d26b1 100644 --- a/src/lib/libcrypto/mem.c +++ b/src/lib/libcrypto/mem.c | |||
| @@ -362,6 +362,10 @@ void *CRYPTO_realloc_clean(void *str, int old_len, int num, const char *file, | |||
| 362 | 362 | ||
| 363 | if (num <= 0) return NULL; | 363 | if (num <= 0) return NULL; |
| 364 | 364 | ||
| 365 | /* We don't support shrinking the buffer. Note the memcpy that copies | ||
| 366 | * |old_len| bytes to the new buffer, below. */ | ||
| 367 | if (num < old_len) return NULL; | ||
| 368 | |||
| 365 | if (realloc_debug_func != NULL) | 369 | if (realloc_debug_func != NULL) |
| 366 | realloc_debug_func(str, NULL, num, file, line, 0); | 370 | realloc_debug_func(str, NULL, num, file, line, 0); |
| 367 | ret=malloc_ex_func(num,file,line); | 371 | ret=malloc_ex_func(num,file,line); |