Check ASN1_item_ndef_i2d() return value.

Return an error instead of trying to malloc a negative number. The other usage in this file already had a similar check, and the caller should have put an entry on the error stack already. Note that we only check the initial calls to obtain the encoded length, and assume that the follow-up call to actually encode to the allocated storage will succeed if the first one did. Fixes: #14177 Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/14308) (cherry picked from commit 90b4247cc5dca58cee9da5f6975bb38fd200100a)
author: Benjamin Kaduk <bkaduk@akamai.com> 2021-02-24 13:38:25 -0800
committer: Benjamin Kaduk <bkaduk@akamai.com> 2021-02-26 15:43:20 -0800
commit: a88ea7dfdfba2c34bd575076f12f06d80dd2c0c2 (patch)
tree: 583c3eec14a70206031ac4b1fc88cca7494c507a
parent: 3a6e6b1f94ae41e2fd73483464c9c80ddcf30d17 (diff)
download: openssl-a88ea7dfdfba2c34bd575076f12f06d80dd2c0c2.tar.gz
1 files changed, 2 insertions, 0 deletions
diff --git a/crypto/asn1/bio_ndef.c b/crypto/asn1/bio_ndef.c
index 6222c99074..5642262719 100644
--- a/crypto/asn1/bio_ndef.c
+++ b/crypto/asn1/bio_ndef.c
@@ -113,6 +113,8 @@ static int ndef_prefix(BIO *b, unsigned char **pbuf, int *plen, void *parg)
     ndef_aux = *(NDEF_SUPPORT **)parg;
 
     derlen = ASN1_item_ndef_i2d(ndef_aux->val, NULL, ndef_aux->it);
+    if (derlen < 0)
+        return 0;
     if ((p = OPENSSL_malloc(derlen)) == NULL) {
         ASN1err(ASN1_F_NDEF_PREFIX, ERR_R_MALLOC_FAILURE);
         return 0;
author	Benjamin Kaduk <bkaduk@akamai.com>	2021-02-24 13:38:25 -0800
committer	Benjamin Kaduk <bkaduk@akamai.com>	2021-02-26 15:43:20 -0800
commit	a88ea7dfdfba2c34bd575076f12f06d80dd2c0c2 (patch)
tree	583c3eec14a70206031ac4b1fc88cca7494c507a
parent	3a6e6b1f94ae41e2fd73483464c9c80ddcf30d17 (diff)
download	openssl-a88ea7dfdfba2c34bd575076f12f06d80dd2c0c2.tar.gz