Add bounds checking to length returned by wcslen in wide_to_asc conversion to resolve integer overflow flaw

Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15316)
author: Jake Cooke <jcooke2297@outlook.com> 2021-05-18 18:20:54 +0930
committer: Pauli <pauli@openssl.org> 2021-05-19 22:12:19 +1000
commit: cad4f3facc2ff5dce97b08b9ab8718783358b30c (patch)
tree: 6ccde043767c6e6f663d4f88ac9b55511ef440eb /engines
parent: bf991b25caa6e915d858dd56c98ee774f248f03c (diff)
download: openssl-new-cad4f3facc2ff5dce97b08b9ab8718783358b30c.tar.gz
1 files changed, 10 insertions, 1 deletions
diff --git a/engines/e_capi.c b/engines/e_capi.c
index dd66518d3f..2ea3cd2059 100644
--- a/engines/e_capi.c
+++ b/engines/e_capi.c
@@ -1120,10 +1120,19 @@ static char *wide_to_asc(LPCWSTR wstr)
 {
     char *str;
     int len_0, sz;
+    size_t len_1;
 
     if (!wstr)
         return NULL;
-    len_0 = (int)wcslen(wstr) + 1; /* WideCharToMultiByte expects int */
+
+    len_1 = wcslen(wstr) + 1;
+
+    if (len_1 > INT_MAX) {
+	    CAPIerr(CAPI_F_WIDE_TO_ASC, CAPI_R_FUNCTION_NOT_SUPPORTED);
+	    return NULL;
+    }
+
+    len_0 = (int)len_1; /* WideCharToMultiByte expects int */
     sz = WideCharToMultiByte(CP_ACP, 0, wstr, len_0, NULL, 0, NULL, NULL);
     if (!sz) {
         CAPIerr(CAPI_F_WIDE_TO_ASC, CAPI_R_WIN32_ERROR);
author	Jake Cooke <jcooke2297@outlook.com>	2021-05-18 18:20:54 +0930
committer	Pauli <pauli@openssl.org>	2021-05-19 22:12:19 +1000
commit	cad4f3facc2ff5dce97b08b9ab8718783358b30c (patch)
tree	6ccde043767c6e6f663d4f88ac9b55511ef440eb /engines
parent	bf991b25caa6e915d858dd56c98ee774f248f03c (diff)
download	openssl-new-cad4f3facc2ff5dce97b08b9ab8718783358b30c.tar.gz