Fix CID 1466709 : Negative value passed to a function that cant be negative in cms_sd.c

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/12930)
author: Shane Lontis <shane.lontis@oracle.com> 2020-09-21 11:42:41 +1000
committer: Shane Lontis <shane.lontis@oracle.com> 2020-09-23 17:16:39 +1000
commit: 81777339e9ed62cd3b801bf225fa1f2aba4b30dd (patch)
tree: c608fcb68009d8ace557df93f485d30b1237d420 /crypto/cms/cms_sd.c
parent: ced5231b04679dc31ce981d66d08260037fa40d8 (diff)
download: openssl-81777339e9ed62cd3b801bf225fa1f2aba4b30dd.tar.gz
1 files changed, 1 insertions, 1 deletions
diff --git a/crypto/cms/cms_sd.c b/crypto/cms/cms_sd.c
index 4b6822f4fd..121390a8d5 100644
--- a/crypto/cms/cms_sd.c
+++ b/crypto/cms/cms_sd.c
@@ -854,7 +854,7 @@ int CMS_SignerInfo_verify(CMS_SignerInfo *si)
 
     alen = ASN1_item_i2d((ASN1_VALUE *)si->signedAttrs, &abuf,
                          ASN1_ITEM_rptr(CMS_Attributes_Verify));
-    if (!abuf)
+    if (abuf == NULL || alen < 0)
         goto err;
     r = EVP_DigestVerifyUpdate(mctx, abuf, alen);
     OPENSSL_free(abuf);
author	Shane Lontis <shane.lontis@oracle.com>	2020-09-21 11:42:41 +1000
committer	Shane Lontis <shane.lontis@oracle.com>	2020-09-23 17:16:39 +1000
commit	81777339e9ed62cd3b801bf225fa1f2aba4b30dd (patch)
tree	c608fcb68009d8ace557df93f485d30b1237d420 /crypto/cms/cms_sd.c
parent	ced5231b04679dc31ce981d66d08260037fa40d8 (diff)
download	openssl-81777339e9ed62cd3b801bf225fa1f2aba4b30dd.tar.gz