Sanity check DES_enc_write buffer length

Add a sanity check to DES_enc_write to ensure the buffer length provided is not negative. Thanks to Kevin Wojtysiak (Int3 Solutions) and Paramjot Oberoi (Int3 Solutions) for reporting this issue. Reviewed-by: Andy Polyakov <appro@openssl.org>
author: Matt Caswell <matt@openssl.org> 2015-04-27 11:04:56 +0100
committer: Matt Caswell <matt@openssl.org> 2015-04-30 23:12:39 +0100
commit: 873fb39f20b6763daba226b74e83fb194924c7bf (patch)
tree: 512b76eac7dd327091591efdc23e3badc6a38998 /crypto/des
parent: 895cba195a0c8430dcc8d1aa22b75eccaaee8f49 (diff)
download: openssl-873fb39f20b6763daba226b74e83fb194924c7bf.tar.gz
1 files changed, 3 insertions, 0 deletions
diff --git a/crypto/des/enc_writ.c b/crypto/des/enc_writ.c
index 55cc7fcb41..9ea7c5a503 100644
--- a/crypto/des/enc_writ.c
+++ b/crypto/des/enc_writ.c
@@ -96,6 +96,9 @@ int DES_enc_write(int fd, const void *_buf, int len,
     const unsigned char *cp;
     static int start = 1;
 
+    if (len < 0)
+        return -1;
+
     if (outbuf == NULL) {
         outbuf = OPENSSL_malloc(BSIZE + HDRSIZE);
         if (outbuf == NULL)
author	Matt Caswell <matt@openssl.org>	2015-04-27 11:04:56 +0100
committer	Matt Caswell <matt@openssl.org>	2015-04-30 23:12:39 +0100
commit	873fb39f20b6763daba226b74e83fb194924c7bf (patch)
tree	512b76eac7dd327091591efdc23e3badc6a38998 /crypto/des
parent	895cba195a0c8430dcc8d1aa22b75eccaaee8f49 (diff)
download	openssl-873fb39f20b6763daba226b74e83fb194924c7bf.tar.gz