From 68d101f49e04f5b186085135fd2cea27b27580b0 Mon Sep 17 00:00:00 2001
From: beck <>
Date: Tue, 29 Apr 2014 15:46:54 +0000
Subject: Constrain bytes read/written to positive values. ok miod@ tedu@

---
 src/lib/libssl/s3_pkt.c | 10 ++++++++++
 1 file changed, 10 insertions(+)

(limited to 'src/lib/libssl/s3_pkt.c')

diff --git a/src/lib/libssl/s3_pkt.c b/src/lib/libssl/s3_pkt.c
index 4a8462ecb9..a5ed3c07cc 100644
--- a/src/lib/libssl/s3_pkt.c
+++ b/src/lib/libssl/s3_pkt.c
@@ -561,6 +561,11 @@ ssl3_write_bytes(SSL *s, int type, const void *buf_, int len)
 	unsigned int tot, n, nw;
 	int i;
 
+	if (len < 0) {
+		SSLerr(SSL_F_SSL3_WRITE_BYTES, ERR_R_INTERNAL_ERROR);
+		return -1;
+	}
+
 	s->rwstate = SSL_NOTHING;
 	tot = s->s3->wnum;
 	s->s3->wnum = 0;
@@ -902,6 +907,11 @@ ssl3_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek)
 		if (!ssl3_setup_read_buffer(s))
 			return (-1);
 
+	if (len < 0) {
+		SSLerr(SSL_F_SSL3_READ_BYTES, ERR_R_INTERNAL_ERROR);
+		return -1;
+	}
+
 	if ((type && (type != SSL3_RT_APPLICATION_DATA) &&
 	    (type != SSL3_RT_HANDSHAKE) && type) ||
 	    (peek && (type != SSL3_RT_APPLICATION_DATA))) {
-- 
cgit v1.2.3-55-g6feb