aboutsummaryrefslogtreecommitdiffstats
path: root/crypto/buffer/buffer.c
diff options
context:
space:
mode:
authorJung-uk Kim <jkim@FreeBSD.org>2012-06-27 16:44:58 +0000
committerJung-uk Kim <jkim@FreeBSD.org>2012-06-27 16:44:58 +0000
commit2b8b5455829304396e38200c205612c4dc57c052 (patch)
treecc5cd6657453d80b7eafb3ba5cc4ef4fd66c176f /crypto/buffer/buffer.c
parentfd3744ddb062b70bb370acec340acbac23f0bd98 (diff)
downloadsrc-2b8b5455829304396e38200c205612c4dc57c052.tar.gz
src-2b8b5455829304396e38200c205612c4dc57c052.zip
Import OpenSSL 0.9.8x.vendor/openssl/0.9.8x
Notes
Notes: svn path=/vendor-crypto/openssl/dist/; revision=237653 svn path=/vendor-crypto/openssl/0.9.8x/; revision=237654; tag=vendor/openssl/0.9.8x
Diffstat (limited to 'crypto/buffer/buffer.c')
-rw-r--r--crypto/buffer/buffer.c27
1 files changed, 27 insertions, 0 deletions
diff --git a/crypto/buffer/buffer.c b/crypto/buffer/buffer.c
index b3e947771d58..3b4c79f7048c 100644
--- a/crypto/buffer/buffer.c
+++ b/crypto/buffer/buffer.c
@@ -60,6 +60,11 @@
#include "cryptlib.h"
#include <openssl/buffer.h>
+/* LIMIT_BEFORE_EXPANSION is the maximum n such that (n+3)/3*4 < 2**31. That
+ * function is applied in several functions in this file and this limit ensures
+ * that the result fits in an int. */
+#define LIMIT_BEFORE_EXPANSION 0x5ffffffc
+
BUF_MEM *BUF_MEM_new(void)
{
BUF_MEM *ret;
@@ -94,6 +99,11 @@ int BUF_MEM_grow(BUF_MEM *str, int len)
char *ret;
unsigned int n;
+ if (len < 0)
+ {
+ BUFerr(BUF_F_BUF_MEM_GROW,ERR_R_MALLOC_FAILURE);
+ return 0;
+ }
if (str->length >= len)
{
str->length=len;
@@ -105,6 +115,12 @@ int BUF_MEM_grow(BUF_MEM *str, int len)
str->length=len;
return(len);
}
+ /* This limit is sufficient to ensure (len+3)/3*4 < 2**31 */
+ if (len > LIMIT_BEFORE_EXPANSION)
+ {
+ BUFerr(BUF_F_BUF_MEM_GROW,ERR_R_MALLOC_FAILURE);
+ return 0;
+ }
n=(len+3)/3*4;
if (str->data == NULL)
ret=OPENSSL_malloc(n);
@@ -130,6 +146,11 @@ int BUF_MEM_grow_clean(BUF_MEM *str, int len)
char *ret;
unsigned int n;
+ if (len < 0)
+ {
+ BUFerr(BUF_F_BUF_MEM_GROW_CLEAN,ERR_R_MALLOC_FAILURE);
+ return 0;
+ }
if (str->length >= len)
{
memset(&str->data[len],0,str->length-len);
@@ -142,6 +163,12 @@ int BUF_MEM_grow_clean(BUF_MEM *str, int len)
str->length=len;
return(len);
}
+ /* This limit is sufficient to ensure (len+3)/3*4 < 2**31 */
+ if (len > LIMIT_BEFORE_EXPANSION)
+ {
+ BUFerr(BUF_F_BUF_MEM_GROW_CLEAN,ERR_R_MALLOC_FAILURE);
+ return 0;
+ }
n=(len+3)/3*4;
if (str->data == NULL)
ret=OPENSSL_malloc(n);