diff options
author | Matt Caswell <matt@openssl.org> | 2016-04-25 16:05:55 +0100 |
---|---|---|
committer | Matt Caswell <matt@openssl.org> | 2016-04-26 14:29:54 +0100 |
commit | 446ba8de9af9aa4fa3debc7c76a38f4efed47a62 (patch) | |
tree | 6434077e6c163594ba42ff1302619fd2dfb004f3 /ssl | |
parent | baf1a3041501c1d4a484deb095bf82a4864c703a (diff) | |
download | openssl-446ba8de9af9aa4fa3debc7c76a38f4efed47a62.tar.gz |
Ensure we check i2d_X509 return val
The i2d_X509() function can return a negative value on error. Therefore
we should make sure we check it.
Issue reported by Yuan Jochen Kang.
Reviewed-by: Emilia Käsper <emilia@openssl.org>
Diffstat (limited to 'ssl')
-rw-r--r-- | ssl/ssl_cert.c | 9 |
1 files changed, 7 insertions, 2 deletions
diff --git a/ssl/ssl_cert.c b/ssl/ssl_cert.c index 04a4a36d77..a4bf76e989 100644 --- a/ssl/ssl_cert.c +++ b/ssl/ssl_cert.c @@ -836,13 +836,18 @@ static int ssl_add_cert_to_buf(BUF_MEM *buf, unsigned long *l, X509 *x) unsigned char *p; n = i2d_X509(x, NULL); - if (!BUF_MEM_grow_clean(buf, (int)(n + (*l) + 3))) { + if (n < 0 || !BUF_MEM_grow_clean(buf, (int)(n + (*l) + 3))) { SSLerr(SSL_F_SSL_ADD_CERT_TO_BUF, ERR_R_BUF_LIB); return 0; } p = (unsigned char *)&(buf->data[*l]); l2n3(n, p); - i2d_X509(x, &p); + n = i2d_X509(x, &p); + if (n < 0) { + /* Shouldn't happen */ + SSLerr(SSL_F_SSL_ADD_CERT_TO_BUF, ERR_R_BUF_LIB); + return 0; + } *l += n + 3; return 1; |