diff options
| author | Patrick Steinhardt <ps@pks.im> | 2019-01-23 15:54:05 +0100 |
|---|---|---|
| committer | Edward Thomson <ethomson@edwardthomson.com> | 2019-01-31 13:47:42 +0000 |
| commit | 657197e6541df32ffa3a093f85b7810ebd6ff566 (patch) | |
| tree | e80ffe29029ef51137e28164743f3573439671fc | |
| parent | 7613086df460948f728e9f0534457c8af6fa522b (diff) | |
| download | libgit2-657197e6541df32ffa3a093f85b7810ebd6ff566.tar.gz | |
openssl: fix potential size overflow when writing data
Our `openssl_write` function calls `SSL_write` by passing in both `data`
and `len` arguments directly. Thing is, our `len` parameter is of type
`size_t` and theirs is of type `int`. We thus need to clamp our length
to be at most `INT_MAX`.
| -rw-r--r-- | src/streams/openssl.c | 3 |
1 files changed, 1 insertions, 2 deletions
diff --git a/src/streams/openssl.c b/src/streams/openssl.c index 354e0f88b..fe5f79cce 100644 --- a/src/streams/openssl.c +++ b/src/streams/openssl.c @@ -649,9 +649,8 @@ static ssize_t openssl_write(git_stream *stream, const char *data, size_t data_l GIT_UNUSED(flags); - if ((ret = SSL_write(st->ssl, data, len)) <= 0) { + if ((ret = SSL_write(st->ssl, data, len)) <= 0) return ssl_set_error(st->ssl, ret); - } return ret; } |