From 42e7d2f10e3658c0c248df8a6edf3c48c477e4b0 Mon Sep 17 00:00:00 2001 From: Shane Lontis Date: Mon, 12 Apr 2021 13:58:14 +1000 Subject: Add more negative checks for integers passed to OPENSSL_malloc(). Reviewed-by: Tomas Mraz Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/14830) --- crypto/pkcs12/p12_mutl.c | 2 ++ crypto/pkcs12/p12_utl.c | 5 +++++ 2 files changed, 7 insertions(+) (limited to 'crypto/pkcs12') diff --git a/crypto/pkcs12/p12_mutl.c b/crypto/pkcs12/p12_mutl.c index acf90051c4..70b3ec702b 100644 --- a/crypto/pkcs12/p12_mutl.c +++ b/crypto/pkcs12/p12_mutl.c @@ -234,6 +234,8 @@ int PKCS12_setup_mac(PKCS12 *p12, int iter, unsigned char *salt, int saltlen, } if (!saltlen) saltlen = PKCS12_SALT_LEN; + if (saltlen < 0) + return 0; if ((p12->mac->salt->data = OPENSSL_malloc(saltlen)) == NULL) { ERR_raise(ERR_LIB_PKCS12, ERR_R_MALLOC_FAILURE); return 0; diff --git a/crypto/pkcs12/p12_utl.c b/crypto/pkcs12/p12_utl.c index af5b628c0f..c3afb6aca1 100644 --- a/crypto/pkcs12/p12_utl.c +++ b/crypto/pkcs12/p12_utl.c @@ -21,6 +21,8 @@ unsigned char *OPENSSL_asc2uni(const char *asc, int asclen, if (asclen == -1) asclen = strlen(asc); + if (asclen < 0) + return NULL; ulen = asclen * 2 + 2; if ((unitmp = OPENSSL_malloc(ulen)) == NULL) { ERR_raise(ERR_LIB_PKCS12, ERR_R_MALLOC_FAILURE); @@ -44,9 +46,12 @@ char *OPENSSL_uni2asc(const unsigned char *uni, int unilen) { int asclen, i; char *asctmp; + /* string must contain an even number of bytes */ if (unilen & 1) return NULL; + if (unilen < 0) + return NULL; asclen = unilen / 2; /* If no terminating zero allow for one */ if (!unilen || uni[unilen - 1]) -- cgit v1.2.1
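Review bot: The new `if (saltlen < 0) return 0;` in PKCS12_setup_mac fails without queuing an error, while the allocation failure right below it calls `ERR_raise(ERR_LIB_PKCS12, ERR_R_MALLOC_FAILURE)`, so a caller that gets 0 cannot tell that the length was rejected. I would raise a reason before returning, for example `ERR_raise(ERR_LIB_PKCS12, ERR_R_PASSED_INVALID_ARGUMENT);`. The `asclen < 0` return added to OPENSSL_asc2uni in p12_utl.c is silent in the same way. The function starts and ends outside this hunk, so whether state set up earlier in it needs undoing on this path cannot be judged from here.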
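Review bot: The added `asclen < 0` check in OPENSSL_asc2uni closes only the lower end of the range. The `ulen = asclen * 2 + 2` on the next line is still signed `int` arithmetic, which overflows (undefined behaviour) once asclen exceeds `(INT_MAX - 2) / 2`, and that result is what sizes the OPENSSL_malloc() call. Bound both ends in the same guard, `if (asclen < 0 || asclen > (INT_MAX - 2) / 2) return NULL;`, adding `<limits.h>` if the file does not already pull it in. The `asclen = strlen(asc)` line above also narrows size_t to int, so a very long input may wrap to a small positive length instead of being rejected; comparing the strlen() result with INT_MAX before the assignment would cover that. The rest of the function is outside the hunk.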
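Review bot: In OPENSSL_uni2asc the sign check sits after `if (unilen & 1)`, so the parity test runs on a value that may be negative before it is rejected. Testing the sign first, or folding both into `if (unilen < 0 || (unilen & 1)) return NULL;`, reads more directly. It is also worth a comment that, unlike OPENSSL_asc2uni in the same file, -1 is not treated as "compute the length" here, e.g. `/* unilen must be non-negative and even; -1 is not a length sentinel here */`. The function body continues past the end of the hunk.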