Coverity #1451596: check dirlen for being negative

Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/9362)

diff --git a/crypto/asn1/bio_ndef.c b/crypto/asn1/bio_ndef.c
index d3be967f04004ac4e3431bb38e6876c268ac5c9f..db9bbba940c66020eb01140338de887caba47fe2 100644 (file)
--- a/crypto/asn1/bio_ndef.c
+++ b/crypto/asn1/bio_ndef.c
@@ -184,6 +184,8 @@ static int ndef_suffix(BIO *b, unsigned char **pbuf, int *plen, void *parg)
         return 0;
 
     derlen = ASN1_item_ndef_i2d(ndef_aux->val, NULL, ndef_aux->it);
+    if (derlen < 0)
+        return 0;
     if ((p = OPENSSL_malloc(derlen)) == NULL) {
         ASN1err(ASN1_F_NDEF_SUFFIX, ERR_R_MALLOC_FAILURE);
         return 0;