From ad295b09e02c647432a14dd6245cf051f32da8f1 Mon Sep 17 00:00:00 2001
From: doug <>
Date: Wed, 29 Apr 2015 01:39:32 +0000
Subject: Added len_len error checking for internal cbb_buffer_add_u().

ok jsing@
---
 src/lib/libssl/bs_cbb.c         | 5 ++++-
 src/lib/libssl/src/ssl/bs_cbb.c | 5 ++++-
 2 files changed, 8 insertions(+), 2 deletions(-)

(limited to 'src')

diff --git a/src/lib/libssl/bs_cbb.c b/src/lib/libssl/bs_cbb.c
index 5546fac97f..7f0e474ded 100644
--- a/src/lib/libssl/bs_cbb.c
+++ b/src/lib/libssl/bs_cbb.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: bs_cbb.c,v 1.5 2015/02/07 06:10:32 doug Exp $	*/
+/*	$OpenBSD: bs_cbb.c,v 1.6 2015/04/29 01:39:32 doug Exp $	*/
 /*
  * Copyright (c) 2014, Google Inc.
  *
@@ -127,6 +127,9 @@ cbb_buffer_add_u(struct cbb_buffer_st *base, uint32_t v, size_t len_len)
 	if (len_len == 0)
 		return 1;
 
+	if (len_len > 4)
+		return 0;
+
 	if (!cbb_buffer_add(base, &buf, len_len))
 		return 0;
 
diff --git a/src/lib/libssl/src/ssl/bs_cbb.c b/src/lib/libssl/src/ssl/bs_cbb.c
index 5546fac97f..7f0e474ded 100644
--- a/src/lib/libssl/src/ssl/bs_cbb.c
+++ b/src/lib/libssl/src/ssl/bs_cbb.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: bs_cbb.c,v 1.5 2015/02/07 06:10:32 doug Exp $	*/
+/*	$OpenBSD: bs_cbb.c,v 1.6 2015/04/29 01:39:32 doug Exp $	*/
 /*
  * Copyright (c) 2014, Google Inc.
  *
@@ -127,6 +127,9 @@ cbb_buffer_add_u(struct cbb_buffer_st *base, uint32_t v, size_t len_len)
 	if (len_len == 0)
 		return 1;
 
+	if (len_len > 4)
+		return 0;
+
 	if (!cbb_buffer_add(base, &buf, len_len))
 		return 0;
 
-- 
cgit v1.2.3-55-g6feb