The branch master has been updated
via 3fde6c9276c9cd6e56e8e06e756350a4fbdd7031 (commit)
from 788d72ba021fdd29f6b3e573adc313d97f7d224d (commit)
- Log -----------------------------------------------------------------
commit 3fde6c9276c9cd6e56e8e06e756350a4fbdd7031
Author: Matt Caswell <[email protected]>
Date: Wed Oct 21 10:00:24 2015 +0100

    Avoid undefined behaviour in PACKET_buf_init

    Change the sanity check in PACKET_buf_init to check for excessive length
    buffers, which should catch the interesting cases where len has been cast
    from a negative value whilst avoiding any undefined behaviour.

    RT#4094

    Reviewed-by: Richard Levitte <[email protected]>
-----------------------------------------------------------------------
Summary of changes:
ssl/packet_locl.h | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/ssl/packet_locl.h b/ssl/packet_locl.h
index 507d64f..cb61a93 100644
--- a/ssl/packet_locl.h
+++ b/ssl/packet_locl.h
@@ -111,7 +111,7 @@ __owur static inline int PACKET_buf_init(PACKET *pkt,
unsigned char *buf,
size_t len)
{
/* Sanity check for negative values. */
- if (buf + len < buf)
+ if (len > (size_t)(SIZE_MAX / 2))
return 0;
pkt->curr = buf;
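Review bot: The comment left above the changed test, `/* Sanity check for negative values. */`, no longer matches what the `+` line checks. `len` is a `size_t` and cannot itself be negative; the new condition rejects any length above `SIZE_MAX / 2`, which is how a value cast from a negative number shows up. Suggest rewording the comment along the lines of "Sanity check for excessive length, e.g. len cast from a negative value" so it agrees with the commit message. Two smaller points on the same line: the `(size_t)` cast around `SIZE_MAX / 2` looks redundant, since `SIZE_MAX` is already defined as the maximum of `size_t`, and `SIZE_MAX` comes from `<stdint.h>`, whose inclusion is not visible in this hunk and is worth confirming for every platform that builds this header.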
_____
openssl-commits mailing list