From: Richard Levitte <levitte@openssl.org>
Date: Mon, 30 May 2016 03:41:57 +0000 (+0200)
Subject: Make sure max in fmtstr() doesn't overflow into negativity
X-Git-Tag: OpenSSL_1_1_0-pre6~643
X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=453fc7a0185dcd046a8ab2b029e0807a073f93c2;p=oweals%2Fopenssl.git

Make sure max in fmtstr() doesn't overflow into negativity

Reviewed-by: Matt Caswell <matt@openssl.org>
---

diff --git a/crypto/bio/b_print.c b/crypto/bio/b_print.c
index 545c469810..1b70bac71b 100644
--- a/crypto/bio/b_print.c
+++ b/crypto/bio/b_print.c
@@ -390,8 +390,16 @@ fmtstr(char **sbuffer,
     padlen = min - strln;
     if (min < 0 || padlen < 0)
         padlen = 0;
-    if (max >= 0)
-        max += padlen;      /* The maximum output including padding */
+    if (max >= 0) {
+        /*
+         * Calculate the maximum output including padding.
+         * Make sure max doesn't overflow into negativity
+         */
+        if (max < INT_MAX - padlen)
+            max += padlen;
+        else
+            max = INT_MAX;
+    }
     if (flags & DP_F_MINUS)
         padlen = -padlen;