From c372cb226df91de2bb6681d3cbd59227d8b06268 Mon Sep 17 00:00:00 2001
From: schwarze <>
Date: Thu, 9 Dec 2021 15:28:58 +0000
Subject: Fix an issue that might possibly turn into a DOS depending on how
 application software uses the API function BIO_indent(3):

If the caller asks for some output, but not more than some negative
number of bytes, give them zero bytes of output rather than drowning
them in nearly INT_MAX bytes.

OK tb@
---
 src/lib/libcrypto/bio/bio_lib.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

(limited to 'src/lib')

diff --git a/src/lib/libcrypto/bio/bio_lib.c b/src/lib/libcrypto/bio/bio_lib.c
index 05f0258947..85eb0f0c77 100644
--- a/src/lib/libcrypto/bio/bio_lib.c
+++ b/src/lib/libcrypto/bio/bio_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: bio_lib.c,v 1.30 2021/10/24 13:46:56 tb Exp $ */
+/* $OpenBSD: bio_lib.c,v 1.31 2021/12/09 15:28:58 schwarze Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -391,10 +391,10 @@ BIO_gets(BIO *b, char *in, int inl)
 int
 BIO_indent(BIO *b, int indent, int max)
 {
-	if (indent < 0)
-		indent = 0;
 	if (indent > max)
 		indent = max;
+	if (indent < 0)
+		indent = 0;
 	while (indent--)
 		if (BIO_puts(b, " ") != 1)
 			return 0;
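Review bot: The fix in BIO_indent() depends entirely on the order of the two clamps, and nothing in the code says so; a later tidy-up that swaps them back would silently bring back the negative-`max` case, where `while (indent--)` starts from a negative count. I would add a comment above the clamps such as `/* Clamp to max first: a negative max must yield no output, not a negative loop count. */` and make the loop robust on its own with `while (indent-- > 0)`. The diffstat shown is limited to src/lib, so I cannot tell whether a regression test accompanies this; if not, one asserting that `BIO_indent(b, 1, -1)` writes nothing would pin the behaviour. The function body continues past the end of the hunk.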
-- 
cgit v1.2.3-55-g6feb