Sanity check DES_enc_write buffer length

Add a sanity check to DES_enc_write to ensure the buffer length provided is not negative. Thanks to Kevin Wojtysiak (Int3 Solutions) and Paramjot Oberoi (Int3 Solutions) for reporting this issue. Reviewed-by: Andy Polyakov <appro@openssl.org> (cherry picked from commit 873fb39f20)
2015-04-27 11:04:56 +01:00 · 2015-04-27 11:04:56 +01:00 · 3be5df2272
commit 3be5df2272
parent 80a06268ae
1 changed files with 3 additions and 0 deletions
--- a/crypto/des/enc_writ.c
+++ b/crypto/des/enc_writ.c
@ -96,6 +96,9 @@ int DES_enc_write(int fd, const void *_buf, int len,
    const unsigned char *cp;
    static int start = 1;

+    if (len < 0)
+        return -1;
+
    if (outbuf == NULL) {
        outbuf = OPENSSL_malloc(BSIZE + HDRSIZE);
        if (outbuf == NULL)