From 951ede2a06eba9a71c5d40b25f924e97f443c437 Mon Sep 17 00:00:00 2001
From: Matt Caswell <matt@openssl.org>
Date: Mon, 27 Apr 2015 11:13:56 +0100
Subject: [PATCH] Sanity check EVP_EncodeUpdate buffer len

There was already a sanity check to ensure the passed buffer length is not
zero. Extend this to ensure that it also not negative. Thanks to Kevin
Wojtysiak (Int3 Solutions) and Paramjot Oberoi (Int3 Solutions) for
reporting this issue.

Reviewed-by: Andy Polyakov <appro@openssl.org>
(cherry picked from commit b86d7dca69f5c80abd60896c8ed3039fc56210cc)
---
 crypto/evp/encode.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/crypto/evp/encode.c b/crypto/evp/encode.c
index d1d8a07c14..5c5988fc45 100644
--- a/crypto/evp/encode.c
+++ b/crypto/evp/encode.c
@@ -137,7 +137,7 @@ void EVP_EncodeUpdate(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl,
     unsigned int total = 0;
 
     *outl = 0;
-    if (inl == 0)
+    if (inl <= 0)
         return;
     OPENSSL_assert(ctx->length <= (int)sizeof(ctx->enc_data));
     if ((ctx->num + inl) < ctx->length) {
-- 
2.25.1