author | Matt Caswell <matt@openssl.org> | 2015-10-21 10:00:24 +0100 |
---|---|---|
committer | Matt Caswell <matt@openssl.org> | 2015-10-21 16:13:53 +0100 |
commit | 3fde6c9276c9cd6e56e8e06e756350a4fbdd7031 (patch) | |
tree | 0f2362240850565662ab8137268560c31dc51f7c /ssl/packet_locl.h | |
parent | 788d72ba021fdd29f6b3e573adc313d97f7d224d (diff) | |

Avoid undefined behaviour in PACKET_buf_init

Change the sanity check in PACKET_buf_init to check for excessive length
buffers, which should catch the interesting cases where len has been cast
from a negative value whilst avoiding any undefined behaviour.

RT#4094

Reviewed-by: Richard Levitte <levitte@openssl.org>

Diffstat (limited to 'ssl/packet_locl.h')
-rw-r--r-- | ssl/packet_locl.h | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/ssl/packet_locl.h b/ssl/packet_locl.h index 507d64f..cb61a93 100644 --- a/ssl/packet_locl.h +++ b/ssl/packet_locl.h @@ -111,7 +111,7 @@ __owur static inline int PACKET_buf_init(PACKET *pkt, unsigned char *buf, size_t len) { /* Sanity check for negative values. */ - if (buf + len < buf) + if (len > (size_t)(SIZE_MAX / 2)) return 0; pkt->curr = buf; |
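
Review bot: the comment above the changed condition in PACKET_buf_init still reads "Sanity check for negative values.", which no longer describes what the code tests. The new condition `if (len > (size_t)(SIZE_MAX / 2))` rejects every length above SIZE_MAX / 2, whether or not it came from a negative value, so the comment should state the actual bound and the reason for it, for example that lengths above SIZE_MAX / 2 are treated as a negative value cast to size_t and that the pointer comparison `buf + len < buf` was dropped because it relies on undefined behaviour. Two smaller points on the same line: the `(size_t)` cast on `SIZE_MAX / 2` looks redundant since `len` is already a size_t, and the hunk does not show where SIZE_MAX is defined for this header, so it is worth confirming that the required include (or a fallback definition) is in place on all supported platforms.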