From: Dmitry-Me Date: Wed, 10 Feb 2016 19:08:09 +0000 (+0100) Subject: Ensure allocation size fits into size_t X-Git-Tag: OpenSSL_1_1_0-pre3~115 X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=cc9c56894606fdf324933cd8090d9a54d967bf5b;p=oweals%2Fopenssl.git Ensure allocation size fits into size_t Signed-off-by: Kurt Roeckx Reviewed-by: Rich Salz GH: #630 --- diff --git a/crypto/evp/scrypt.c b/crypto/evp/scrypt.c index 25b360e210..20e5dd4854 100644 --- a/crypto/evp/scrypt.c +++ b/crypto/evp/scrypt.c @@ -213,6 +213,7 @@ int EVP_PBE_scrypt(const char *pass, size_t passlen, unsigned char *B; uint32_t *X, *V, *T; uint64_t i, Blen, Vlen; + size_t allocsize; /* Sanity check parameters */ /* initial check, r,p must be non zero, N >= 2 and a power of 2 */ @@ -242,7 +243,8 @@ int EVP_PBE_scrypt(const char *pass, size_t passlen, Blen = p * 128 * r; /* - * Check 32 * r * (N + 2) * sizeof(uint32_t) fits in uint64_t. + * Check 32 * r * (N + 2) * sizeof(uint32_t) fits in + * uint64_t and also size_t (their sizes are unrelated). * This is combined size V, X and T (section 4) */ i = UINT64_MAX / (32 * sizeof(uint32_t)); @@ -253,11 +255,16 @@ int EVP_PBE_scrypt(const char *pass, size_t passlen, /* check total allocated size fits in uint64_t */ if (Blen > UINT64_MAX - Vlen) return 0; + /* check total allocated size fits in size_t */ + if (Blen > SIZE_MAX - Vlen) + return 0; + + allocsize = (size_t)(Blen + Vlen); if (maxmem == 0) maxmem = SCRYPT_MAX_MEM; - if (Blen + Vlen > maxmem) { + if (allocsize > maxmem) { EVPerr(EVP_F_EVP_PBE_SCRYPT, EVP_R_MEMORY_LIMIT_EXCEEDED); return 0; } @@ -266,7 +273,7 @@ int EVP_PBE_scrypt(const char *pass, size_t passlen, if (key == NULL) return 1; - B = OPENSSL_malloc(Blen + Vlen); + B = OPENSSL_malloc(allocsize); if (B == NULL) return 0; X = (uint32_t *)(B + Blen); @@ -294,7 +301,7 @@ int EVP_PBE_scrypt(const char *pass, size_t passlen, BIO_dump_fp(stderr, (char *)key, keylen); #endif err: - OPENSSL_clear_free(B, Blen + Vlen); + OPENSSL_clear_free(B, allocsize); return rv; } #endif