diff options
| author | Matt Caswell <matt@openssl.org> | 2016-08-23 00:39:28 +0200 |
|---|---|---|
| committer | Matt Caswell <matt@openssl.org> | 2016-08-23 01:19:15 +0200 |
| commit | b197257d71694fd52ab61d173f77c8a120d3eead (patch) | |
| tree | 65241f3b1a5d8b34b03281de1cb5b608f7c9cfe2 /crypto/ocsp | |
| parent | Check for malloc error in bn_x931p.c (diff) | |
| download | openssl-b197257d71694fd52ab61d173f77c8a120d3eead.tar.xz openssl-b197257d71694fd52ab61d173f77c8a120d3eead.zip | |
Check for error return from ASN1_object_size
Otherwise we try to malloc a -1 size.
Reviewed-by: Tim Hudson <tjh@openssl.org>
Diffstat (limited to 'crypto/ocsp')
| -rw-r--r-- | crypto/ocsp/ocsp_ext.c | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/crypto/ocsp/ocsp_ext.c b/crypto/ocsp/ocsp_ext.c index 151cafaca4..e60a8d3677 100644 --- a/crypto/ocsp/ocsp_ext.c +++ b/crypto/ocsp/ocsp_ext.c @@ -256,6 +256,9 @@ static int ocsp_add1_nonce(STACK_OF(X509_EXTENSION) **exts, * relies on library internals. */ os.length = ASN1_object_size(0, len, V_ASN1_OCTET_STRING); + if (os.length < 0) + goto err; + os.data = OPENSSL_malloc(os.length); if (os.data == NULL) goto err; |