diff options
Diffstat (limited to 'lib/libcrypto/pem/pem_lib.c')
| -rw-r--r-- | lib/libcrypto/pem/pem_lib.c | 14 |
1 files changed, 10 insertions, 4 deletions
diff --git a/lib/libcrypto/pem/pem_lib.c b/lib/libcrypto/pem/pem_lib.c index 1ebae53e74f..e3629762f9c 100644 --- a/lib/libcrypto/pem/pem_lib.c +++ b/lib/libcrypto/pem/pem_lib.c @@ -1,4 +1,4 @@ -/* $OpenBSD: pem_lib.c,v 1.35 2014/10/22 13:02:04 jsing Exp $ */ +/* $OpenBSD: pem_lib.c,v 1.36 2015/02/10 09:52:35 miod Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -389,7 +389,10 @@ PEM_ASN1_write_bio(i2d_of_void *i2d, const char *name, BIO *bp, void *x, } kstr = (unsigned char *)buf; } - OPENSSL_assert(enc->iv_len <= (int)sizeof(iv)); + if ((size_t)enc->iv_len > sizeof(iv)) { + PEMerr(PEM_F_PEM_ASN1_WRITE_BIO, EVP_R_IV_TOO_LARGE); + goto err; + } arc4random_buf(iv, enc->iv_len); /* Generate a salt */ /* The 'iv' is used as the iv and as a salt. It is * NOT taken from the BytesToKey function */ @@ -400,8 +403,11 @@ PEM_ASN1_write_bio(i2d_of_void *i2d, const char *name, BIO *bp, void *x, if (kstr == (unsigned char *)buf) OPENSSL_cleanse(buf, PEM_BUFSIZE); - OPENSSL_assert(strlen(objstr) + 23 + - 2 * enc->iv_len + 13 <= sizeof buf); + if (strlen(objstr) + 23 + 2 * enc->iv_len + 13 > sizeof buf) { + PEMerr(PEM_F_PEM_ASN1_WRITE_BIO, + ASN1_R_BUFFER_TOO_SMALL); + goto err; + } buf[0] = '\0'; PEM_proc_type(buf, PEM_TYPE_ENCRYPTED); |