aboutsummaryrefslogtreecommitdiff
path: root/openssl/crypto/buffer
diff options
context:
space:
mode:
authormarha <marha@users.sourceforge.net>2012-06-15 14:04:46 +0200
committermarha <marha@users.sourceforge.net>2012-06-15 14:04:46 +0200
commita33de30073bfa0ee1abba186dba9fa52cf0aa23a (patch)
tree9eae122e901b9a1d1c7cfcfc2385202793a1f92a /openssl/crypto/buffer
parent7a2af605c2c2b0d2e9bbb0b161eba8842acefbcb (diff)
downloadvcxsrv-a33de30073bfa0ee1abba186dba9fa52cf0aa23a.tar.gz
vcxsrv-a33de30073bfa0ee1abba186dba9fa52cf0aa23a.tar.bz2
vcxsrv-a33de30073bfa0ee1abba186dba9fa52cf0aa23a.zip
Updated to following packages:
freetype-2.4.10 libXaw-1.0.11 openssl-1.0.1c
Diffstat (limited to 'openssl/crypto/buffer')
-rw-r--r--openssl/crypto/buffer/buffer.c17
1 files changed, 17 insertions, 0 deletions
diff --git a/openssl/crypto/buffer/buffer.c b/openssl/crypto/buffer/buffer.c
index f4b358bbb..d7aa79ad7 100644
--- a/openssl/crypto/buffer/buffer.c
+++ b/openssl/crypto/buffer/buffer.c
@@ -60,6 +60,11 @@
#include "cryptlib.h"
#include <openssl/buffer.h>
+/* LIMIT_BEFORE_EXPANSION is the maximum n such that (n+3)/3*4 < 2**31. That
+ * function is applied in several functions in this file and this limit ensures
+ * that the result fits in an int. */
+#define LIMIT_BEFORE_EXPANSION 0x5ffffffc
+
BUF_MEM *BUF_MEM_new(void)
{
BUF_MEM *ret;
@@ -105,6 +110,12 @@ int BUF_MEM_grow(BUF_MEM *str, size_t len)
str->length=len;
return(len);
}
+ /* This limit is sufficient to ensure (len+3)/3*4 < 2**31 */
+ if (len > LIMIT_BEFORE_EXPANSION)
+ {
+ BUFerr(BUF_F_BUF_MEM_GROW,ERR_R_MALLOC_FAILURE);
+ return 0;
+ }
n=(len+3)/3*4;
if (str->data == NULL)
ret=OPENSSL_malloc(n);
@@ -142,6 +153,12 @@ int BUF_MEM_grow_clean(BUF_MEM *str, size_t len)
str->length=len;
return(len);
}
+ /* This limit is sufficient to ensure (len+3)/3*4 < 2**31 */
+ if (len > LIMIT_BEFORE_EXPANSION)
+ {
+ BUFerr(BUF_F_BUF_MEM_GROW_CLEAN,ERR_R_MALLOC_FAILURE);
+ return 0;
+ }
n=(len+3)/3*4;
if (str->data == NULL)
ret=OPENSSL_malloc(n);