From: Matt Caswell Date: Mon, 27 Apr 2015 10:13:56 +0000 (+0100) Subject: Sanity check EVP_EncodeUpdate buffer len X-Git-Tag: OpenSSL_1_1_0-pre1~1238 X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=b86d7dca69f5c80abd60896c8ed3039fc56210cc;p=oweals%2Fopenssl.git Sanity check EVP_EncodeUpdate buffer len There was already a sanity check to ensure the passed buffer length is not zero. Extend this to ensure that it also not negative. Thanks to Kevin Wojtysiak (Int3 Solutions) and Paramjot Oberoi (Int3 Solutions) for reporting this issue. Reviewed-by: Andy Polyakov --- diff --git a/crypto/evp/encode.c b/crypto/evp/encode.c index 682a914ff3..053c1d8f1f 100644 --- a/crypto/evp/encode.c +++ b/crypto/evp/encode.c @@ -137,7 +137,7 @@ void EVP_EncodeUpdate(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl, unsigned int total = 0; *outl = 0; - if (inl == 0) + if (inl <= 0) return; OPENSSL_assert(ctx->length <= (int)sizeof(ctx->enc_data)); if ((ctx->num + inl) < ctx->length) {