handle the (impossible) situation of a size_t - 1 buffer from

EC_POINT_point2oct so that later allocation does not overflow with miod
author: deraadt <deraadt@openbsd.org> 2014-12-03 19:53:20 +0000
committer: deraadt <deraadt@openbsd.org> 2014-12-03 19:53:20 +0000
commit: e9c78e4fdd9ea6eaae5fdd22fa029a63a9a2b964 (patch)
tree: c1a29d0644dd3c46e4b0467f8e226402a36dc095 /lib/libssl/src
parent: Spotted another opportunity to use reallocarray(). (diff)
download: wireguard-openbsd-e9c78e4fdd9ea6eaae5fdd22fa029a63a9a2b964.tar.xz
wireguard-openbsd-e9c78e4fdd9ea6eaae5fdd22fa029a63a9a2b964.zip
1 files changed, 2 insertions, 2 deletions
diff --git a/lib/libssl/src/crypto/ec/ec_print.c b/lib/libssl/src/crypto/ec/ec_print.c
index 1c142a1df59..af4d1996c0f 100644
--- a/lib/libssl/src/crypto/ec/ec_print.c
+++ b/lib/libssl/src/crypto/ec/ec_print.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ec_print.c,v 1.6 2014/12/03 19:45:16 deraadt Exp $ */
+/* $OpenBSD: ec_print.c,v 1.7 2014/12/03 19:53:20 deraadt Exp $ */
 /* ====================================================================
  * Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.
  *
@@ -131,7 +131,7 @@ EC_POINT_point2hex(const EC_GROUP * group, const EC_POINT * point,
 
 	buf_len = EC_POINT_point2oct(group, point, form,
 	    NULL, 0, ctx);
-	if (buf_len == 0)
+	if (buf_len == 0 || buf_len + 1 == 0)
 		return NULL;
 
 	if ((buf = malloc(buf_len)) == NULL)
author	deraadt <deraadt@openbsd.org>	2014-12-03 19:53:20 +0000
committer	deraadt <deraadt@openbsd.org>	2014-12-03 19:53:20 +0000
commit	e9c78e4fdd9ea6eaae5fdd22fa029a63a9a2b964 (patch)
tree	c1a29d0644dd3c46e4b0467f8e226402a36dc095 /lib/libssl/src
parent	Spotted another opportunity to use reallocarray(). (diff)
download	wireguard-openbsd-e9c78e4fdd9ea6eaae5fdd22fa029a63a9a2b964.tar.xz wireguard-openbsd-e9c78e4fdd9ea6eaae5fdd22fa029a63a9a2b964.zip