From: Matt Caswell <matt@openssl.org>
Date: Mon, 27 Apr 2015 10:04:56 +0000 (+0100)
Subject: Sanity check DES_enc_write buffer length
X-Git-Tag: OpenSSL_1_0_1n~83
X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=3be5df227259628cea91faffbea5054b872f793a;p=oweals%2Fopenssl.git

Sanity check DES_enc_write buffer length

Add a sanity check to DES_enc_write to ensure the buffer length provided
is not negative. Thanks to Kevin Wojtysiak (Int3 Solutions) and Paramjot
Oberoi (Int3 Solutions) for reporting this issue.

Reviewed-by: Andy Polyakov <appro@openssl.org>
(cherry picked from commit 873fb39f20b6763daba226b74e83fb194924c7bf)
---

diff --git a/crypto/des/enc_writ.c b/crypto/des/enc_writ.c
index 25041f2aab..bfaabde516 100644
--- a/crypto/des/enc_writ.c
+++ b/crypto/des/enc_writ.c
@@ -96,6 +96,9 @@ int DES_enc_write(int fd, const void *_buf, int len,
     const unsigned char *cp;
     static int start = 1;
 
+    if (len < 0)
+        return -1;
+
     if (outbuf == NULL) {
         outbuf = OPENSSL_malloc(BSIZE + HDRSIZE);
         if (outbuf == NULL)