Replace assert() and OPENSSL_assert() calls with proper error return paths.

Careful review, feedback & ok doug@ jsing@

1 files changed, 10 insertions, 4 deletions

diff --git a/lib/libcrypto/pem/pem_lib.c b/lib/libcrypto/pem/pem_lib.c
index 1ebae53e74f..e3629762f9c 100644
--- a/lib/libcrypto/pem/pem_lib.c
+++ b/lib/libcrypto/pem/pem_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pem_lib.c,v 1.35 2014/10/22 13:02:04 jsing Exp $ */
+/* $OpenBSD: pem_lib.c,v 1.36 2015/02/10 09:52:35 miod Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -389,7 +389,10 @@ PEM_ASN1_write_bio(i2d_of_void *i2d, const char *name, BIO *bp, void *x,
 			}
 			kstr = (unsigned char *)buf;
 		}
-		OPENSSL_assert(enc->iv_len <= (int)sizeof(iv));
+		if ((size_t)enc->iv_len > sizeof(iv)) {
+			PEMerr(PEM_F_PEM_ASN1_WRITE_BIO, EVP_R_IV_TOO_LARGE);
+			goto err;
+		}
 		arc4random_buf(iv, enc->iv_len); /* Generate a salt */
 		/* The 'iv' is used as the iv and as a salt.  It is
 		 * NOT taken from the BytesToKey function */
@@ -400,8 +403,11 @@ PEM_ASN1_write_bio(i2d_of_void *i2d, const char *name, BIO *bp, void *x,
 		if (kstr == (unsigned char *)buf)
 			OPENSSL_cleanse(buf, PEM_BUFSIZE);
 
-		OPENSSL_assert(strlen(objstr) + 23 +
-		    2 * enc->iv_len + 13 <= sizeof buf);
+		if (strlen(objstr) + 23 + 2 * enc->iv_len + 13 > sizeof buf) {
+			PEMerr(PEM_F_PEM_ASN1_WRITE_BIO,
+			    ASN1_R_BUFFER_TOO_SMALL);
+			goto err;
+		}
 
 		buf[0] = '\0';
 		PEM_proc_type(buf, PEM_TYPE_ENCRYPTED);