cherrypick fix for CVE-2012-2110: libcrypto ASN.1 parsing heap overflow

ok miod@ deraadt@
author: djm <djm@openbsd.org> 2012-04-19 22:57:38 +0000
committer: djm <djm@openbsd.org> 2012-04-19 22:57:38 +0000
commit: b590e19bab47ffb9f1ac866e183b747b23e94762 (patch)
tree: 2926f08f3de49b732a9eb5193b94ea212c6ae1aa /lib/libcrypto/mem.c
parent: talk about pecl.port.mk (diff)
download: wireguard-openbsd-b590e19bab47ffb9f1ac866e183b747b23e94762.tar.xz
wireguard-openbsd-b590e19bab47ffb9f1ac866e183b747b23e94762.zip
1 files changed, 4 insertions, 0 deletions
diff --git a/lib/libcrypto/mem.c b/lib/libcrypto/mem.c
index 8f06d190a12..9ecb8d26b1f 100644
--- a/lib/libcrypto/mem.c
+++ b/lib/libcrypto/mem.c
@@ -362,6 +362,10 @@ void *CRYPTO_realloc_clean(void *str, int old_len, int num, const char *file,
 
 	if (num <= 0) return NULL;
 
+	/* We don't support shrinking the buffer. Note the memcpy that copies
+	 * |old_len| bytes to the new buffer, below. */
+	if (num < old_len) return NULL;
+
 	if (realloc_debug_func != NULL)
 		realloc_debug_func(str, NULL, num, file, line, 0);
 	ret=malloc_ex_func(num,file,line);
author	djm <djm@openbsd.org>	2012-04-19 22:57:38 +0000
committer	djm <djm@openbsd.org>	2012-04-19 22:57:38 +0000
commit	b590e19bab47ffb9f1ac866e183b747b23e94762 (patch)
tree	2926f08f3de49b732a9eb5193b94ea212c6ae1aa /lib/libcrypto/mem.c
parent	talk about pecl.port.mk (diff)
download	wireguard-openbsd-b590e19bab47ffb9f1ac866e183b747b23e94762.tar.xz wireguard-openbsd-b590e19bab47ffb9f1ac866e183b747b23e94762.zip