From a36c5eabf589aef716966fbbc8772ead1205abd7 Mon Sep 17 00:00:00 2001
From: Matt Caswell <matt@openssl.org>
Date: Mon, 22 Aug 2016 23:41:15 +0100
Subject: [PATCH] Sanity check an ASN1_object_size result

If it's negative don't try and malloc it.

Reviewed-by: Tim Hudson <tjh@openssl.org>
---
 crypto/objects/obj_dat.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/crypto/objects/obj_dat.c b/crypto/objects/obj_dat.c
index bb50f63c0a..259851bc00 100644
--- a/crypto/objects/obj_dat.c
+++ b/crypto/objects/obj_dat.c
@@ -373,6 +373,8 @@ ASN1_OBJECT *OBJ_txt2obj(const char *s, int no_name)
     }
     /* Work out total size */
     j = ASN1_object_size(0, i, V_ASN1_OBJECT);
+    if (j < 0)
+        return NULL;
 
     if ((buf = OPENSSL_malloc(j)) == NULL)
         return NULL;
-- 
2.25.1