From: Matt Caswell Date: Mon, 27 Apr 2015 10:04:56 +0000 (+0100) Subject: Sanity check DES_enc_write buffer length X-Git-Tag: OpenSSL_1_0_2b~101 X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=4ce06271aac5ebddf02854191611613af5ec83f8;p=oweals%2Fopenssl.git Sanity check DES_enc_write buffer length Add a sanity check to DES_enc_write to ensure the buffer length provided is not negative. Thanks to Kevin Wojtysiak (Int3 Solutions) and Paramjot Oberoi (Int3 Solutions) for reporting this issue. Reviewed-by: Andy Polyakov (cherry picked from commit 873fb39f20b6763daba226b74e83fb194924c7bf) --- diff --git a/crypto/des/enc_writ.c b/crypto/des/enc_writ.c index 25041f2aab..bfaabde516 100644 --- a/crypto/des/enc_writ.c +++ b/crypto/des/enc_writ.c @@ -96,6 +96,9 @@ int DES_enc_write(int fd, const void *_buf, int len, const unsigned char *cp; static int start = 1; + if (len < 0) + return -1; + if (outbuf == NULL) { outbuf = OPENSSL_malloc(BSIZE + HDRSIZE); if (outbuf == NULL)