handle the (impossible) situation of a size_t - 1 buffer from

EC_POINT_point2oct so that later allocation does not overflow with miod
author: deraadt <> 2014-12-03 19:53:20 +0000
committer: deraadt <> 2014-12-03 19:53:20 +0000
commit: 8f3aa4eb5e4c92bb3775488719783430a0e7800c (patch)
tree: c25be1009bbd150bf7dbc739a04989431fa8f488 /src
parent: 08558b08a2f4ee6e2be0c03277405b19dd5c7b46 (diff)
download: openbsd-8f3aa4eb5e4c92bb3775488719783430a0e7800c.tar.gz
openbsd-8f3aa4eb5e4c92bb3775488719783430a0e7800c.tar.bz2
openbsd-8f3aa4eb5e4c92bb3775488719783430a0e7800c.zip
2 files changed, 4 insertions, 4 deletions
diff --git a/src/lib/libcrypto/ec/ec_print.c b/src/lib/libcrypto/ec/ec_print.c
index 1c142a1df5..af4d1996c0 100644
--- a/src/lib/libcrypto/ec/ec_print.c
+++ b/src/lib/libcrypto/ec/ec_print.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ec_print.c,v 1.6 2014/12/03 19:45:16 deraadt Exp $ */
+/* $OpenBSD: ec_print.c,v 1.7 2014/12/03 19:53:20 deraadt Exp $ */
 /* ====================================================================
 * Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.
 *
@@ -131,7 +131,7 @@ EC_POINT_point2hex(const EC_GROUP * group, const EC_POINT * point,
        buf_len = EC_POINT_point2oct(group, point, form,
            NULL, 0, ctx);
-        if (buf_len == 0)
+        if (buf_len == 0 || buf_len + 1 == 0)
                return NULL;
        if ((buf = malloc(buf_len)) == NULL)
diff --git a/src/lib/libssl/src/crypto/ec/ec_print.c b/src/lib/libssl/src/crypto/ec/ec_print.c
index 1c142a1df5..af4d1996c0 100644
--- a/src/lib/libssl/src/crypto/ec/ec_print.c
+++ b/src/lib/libssl/src/crypto/ec/ec_print.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ec_print.c,v 1.6 2014/12/03 19:45:16 deraadt Exp $ */
+/* $OpenBSD: ec_print.c,v 1.7 2014/12/03 19:53:20 deraadt Exp $ */
 /* ====================================================================
 * Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.
 *
@@ -131,7 +131,7 @@ EC_POINT_point2hex(const EC_GROUP * group, const EC_POINT * point,
        buf_len = EC_POINT_point2oct(group, point, form,
            NULL, 0, ctx);
-        if (buf_len == 0)
+        if (buf_len == 0 || buf_len + 1 == 0)
                return NULL;
        if ((buf = malloc(buf_len)) == NULL)
author	deraadt <>	2014-12-03 19:53:20 +0000
committer	deraadt <>	2014-12-03 19:53:20 +0000
commit	8f3aa4eb5e4c92bb3775488719783430a0e7800c (patch)
tree	c25be1009bbd150bf7dbc739a04989431fa8f488 /src
parent	08558b08a2f4ee6e2be0c03277405b19dd5c7b46 (diff)
download	openbsd-8f3aa4eb5e4c92bb3775488719783430a0e7800c.tar.gz openbsd-8f3aa4eb5e4c92bb3775488719783430a0e7800c.tar.bz2 openbsd-8f3aa4eb5e4c92bb3775488719783430a0e7800c.zip

diff --git a/src/lib/libcrypto/ec/ec_print.c b/src/lib/libcrypto/ec/ec_print.c index 1c142a1df5..af4d1996c0 100644 --- a/src/lib/libcrypto/ec/ec_print.c +++ b/src/lib/libcrypto/ec/ec_print.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: ec_print.c,v 1.6 2014/12/03 19:45:16 deraadt Exp $ */	1	/* $OpenBSD: ec_print.c,v 1.7 2014/12/03 19:53:20 deraadt Exp $ */
2	/* ====================================================================	2	/* ====================================================================
3	* Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved.	3	* Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved.
4	*	4	*
@@ -131,7 +131,7 @@ EC_POINT_point2hex(const EC_GROUP * group, const EC_POINT * point,
131		131
132	buf_len = EC_POINT_point2oct(group, point, form,	132	buf_len = EC_POINT_point2oct(group, point, form,
133	NULL, 0, ctx);	133	NULL, 0, ctx);
134	if (buf_len == 0)	134	if (buf_len == 0 \|\| buf_len + 1 == 0)
135	return NULL;	135	return NULL;
136		136
137	if ((buf = malloc(buf_len)) == NULL)	137	if ((buf = malloc(buf_len)) == NULL)


diff --git a/src/lib/libssl/src/crypto/ec/ec_print.c b/src/lib/libssl/src/crypto/ec/ec_print.c index 1c142a1df5..af4d1996c0 100644 --- a/src/lib/libssl/src/crypto/ec/ec_print.c +++ b/src/lib/libssl/src/crypto/ec/ec_print.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: ec_print.c,v 1.6 2014/12/03 19:45:16 deraadt Exp $ */	1	/* $OpenBSD: ec_print.c,v 1.7 2014/12/03 19:53:20 deraadt Exp $ */
2	/* ====================================================================	2	/* ====================================================================
3	* Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved.	3	* Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved.
4	*	4	*
@@ -131,7 +131,7 @@ EC_POINT_point2hex(const EC_GROUP * group, const EC_POINT * point,
131		131
132	buf_len = EC_POINT_point2oct(group, point, form,	132	buf_len = EC_POINT_point2oct(group, point, form,
133	NULL, 0, ctx);	133	NULL, 0, ctx);
134	if (buf_len == 0)	134	if (buf_len == 0 \|\| buf_len + 1 == 0)
135	return NULL;	135	return NULL;
136		136
137	if ((buf = malloc(buf_len)) == NULL)	137	if ((buf = malloc(buf_len)) == NULL)