diff options
| author | Shane Lontis <shane.lontis@oracle.com> | 2020-07-07 09:50:34 +1000 |
|---|---|---|
| committer | Dmitry Belyavskiy <beldmit@gmail.com> | 2020-07-08 11:19:08 +0300 |
| commit | eae4a008341149783b540198470f04f85b22730e (patch) | |
| tree | 0d8a4454cb45ecbaad5a5229e7307c5a1f42636b | |
| parent | c8ea9bc6702e30f4efa690906abd14c5eab927cf (diff) | |
| download | openssl-new-eae4a008341149783b540198470f04f85b22730e.tar.gz | |
Fix CID 1454808: Error handling issues NEGATIVE_RETURNS (PKCS7_dataDecode())
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/12379)
| -rw-r--r-- | crypto/pkcs7/pk7_doit.c | 7 |
1 files changed, 5 insertions, 2 deletions
diff --git a/crypto/pkcs7/pk7_doit.c b/crypto/pkcs7/pk7_doit.c index 3e2065244d..718b6f3899 100644 --- a/crypto/pkcs7/pk7_doit.c +++ b/crypto/pkcs7/pk7_doit.c @@ -361,7 +361,7 @@ static int pkcs7_cmp_ri(PKCS7_RECIP_INFO *ri, X509 *pcert) /* int */ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert) { - int i, j; + int i, j, len; BIO *out = NULL, *btmp = NULL, *etmp = NULL, *bio = NULL; X509_ALGOR *xa; ASN1_OCTET_STRING *data_body = NULL; @@ -524,7 +524,10 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert) if (EVP_CIPHER_asn1_to_param(evp_ctx, enc_alg->parameter) < 0) goto err; /* Generate random key as MMA defence */ - tkeylen = EVP_CIPHER_CTX_key_length(evp_ctx); + len = EVP_CIPHER_CTX_key_length(evp_ctx); + if (len <= 0) + goto err; + tkeylen = (size_t)len; tkey = OPENSSL_malloc(tkeylen); if (tkey == NULL) goto err; |