aboutsummaryrefslogtreecommitdiff
path: root/openssl/crypto/buffer
diff options
context:
space:
mode:
authormarha <marha@users.sourceforge.net>2012-06-15 14:13:55 +0200
committermarha <marha@users.sourceforge.net>2012-06-15 14:13:55 +0200
commit1501699f035761714a1d4540d65a1afb7c567abe (patch)
tree4dd4d15583d9d542a699833331f34ceb10bbd6c3 /openssl/crypto/buffer
parent38c18d1733e4eb5cc560a34bfe2470e01a06205d (diff)
parenta33de30073bfa0ee1abba186dba9fa52cf0aa23a (diff)
downloadvcxsrv-1501699f035761714a1d4540d65a1afb7c567abe.tar.gz
vcxsrv-1501699f035761714a1d4540d65a1afb7c567abe.tar.bz2
vcxsrv-1501699f035761714a1d4540d65a1afb7c567abe.zip
Merge remote-tracking branch 'origin/released'
Conflicts: freetype/src/raster/ftraster.c openssl/Makefile
Diffstat (limited to 'openssl/crypto/buffer')
-rw-r--r--openssl/crypto/buffer/buffer.c17
1 files changed, 17 insertions, 0 deletions
diff --git a/openssl/crypto/buffer/buffer.c b/openssl/crypto/buffer/buffer.c
index f4b358bbb..d7aa79ad7 100644
--- a/openssl/crypto/buffer/buffer.c
+++ b/openssl/crypto/buffer/buffer.c
@@ -60,6 +60,11 @@
#include "cryptlib.h"
#include <openssl/buffer.h>
+/* LIMIT_BEFORE_EXPANSION is the maximum n such that (n+3)/3*4 < 2**31. That
+ * function is applied in several functions in this file and this limit ensures
+ * that the result fits in an int. */
+#define LIMIT_BEFORE_EXPANSION 0x5ffffffc
+
BUF_MEM *BUF_MEM_new(void)
{
BUF_MEM *ret;
@@ -105,6 +110,12 @@ int BUF_MEM_grow(BUF_MEM *str, size_t len)
str->length=len;
return(len);
}
+ /* This limit is sufficient to ensure (len+3)/3*4 < 2**31 */
+ if (len > LIMIT_BEFORE_EXPANSION)
+ {
+ BUFerr(BUF_F_BUF_MEM_GROW,ERR_R_MALLOC_FAILURE);
+ return 0;
+ }
n=(len+3)/3*4;
if (str->data == NULL)
ret=OPENSSL_malloc(n);
@@ -142,6 +153,12 @@ int BUF_MEM_grow_clean(BUF_MEM *str, size_t len)
str->length=len;
return(len);
}
+ /* This limit is sufficient to ensure (len+3)/3*4 < 2**31 */
+ if (len > LIMIT_BEFORE_EXPANSION)
+ {
+ BUFerr(BUF_F_BUF_MEM_GROW_CLEAN,ERR_R_MALLOC_FAILURE);
+ return 0;
+ }
n=(len+3)/3*4;
if (str->data == NULL)
ret=OPENSSL_malloc(n);