From a1673e1536729d49cb758b988ac7be368e9b1fdb Mon Sep 17 00:00:00 2001
From: Benjamin Kaduk <bkaduk@akamai.com>
Date: Tue, 8 Mar 2016 16:44:57 -0600
Subject: Avoid negative array index in BIO_debug_callback()

BIO_snprintf() can return -1 on truncation (and overflow as of commit
9cb177301fdab492e4cfef376b28339afe3ef663).  Though neither can
realistically occur while printing a pointer and short fixed string into
a buffer of length 256, the analysis to confirm that this the case goes
somewhat far up the call chain, and not all static analyzers can
successfully follow the chain of logic.

It's easy enough to clamp the returned length to be nonnegative before
continuing, which appeases the static analyzer and does not harm the
subsequent code.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
---
 crypto/bio/bio_cb.c | 3 +++
 1 file changed, 3 insertions(+)

(limited to 'crypto/bio/bio_cb.c')

diff --git a/crypto/bio/bio_cb.c b/crypto/bio/bio_cb.c
index 4d3365e..ec484b6 100644
--- a/crypto/bio/bio_cb.c
+++ b/crypto/bio/bio_cb.c
@@ -77,6 +77,9 @@ long BIO_debug_callback(BIO *bio, int cmd, const char *argp,
 
     len = BIO_snprintf(buf,sizeof buf,"BIO[%p]: ",(void *)bio);
 
+    /* Ignore errors and continue printing the other information. */
+    if (len < 0)
+        len = 0;
     p = buf + len;
     p_maxlen = sizeof(buf) - len;
 
-- 
cgit v1.1