[openssl-commits] [openssl] master update
Matt Caswell
matt at openssl.org
Wed Oct 21 15:15:56 UTC 2015
The branch master has been updated
via 3fde6c9276c9cd6e56e8e06e756350a4fbdd7031 (commit)
from 788d72ba021fdd29f6b3e573adc313d97f7d224d (commit)
- Log -----------------------------------------------------------------
commit 3fde6c9276c9cd6e56e8e06e756350a4fbdd7031
Author: Matt Caswell <matt at openssl.org>
Date: Wed Oct 21 10:00:24 2015 +0100
Avoid undefined behaviour in PACKET_buf_init
Change the sanity check in PACKET_buf_init to check for excessive length
buffers, which should catch the interesting cases where len has been cast
from a negative value whilst avoiding any undefined behaviour.
RT#4094
Reviewed-by: Richard Levitte <levitte at openssl.org>
-----------------------------------------------------------------------
Summary of changes:
ssl/packet_locl.h | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/ssl/packet_locl.h b/ssl/packet_locl.h
index 507d64f..cb61a93 100644
--- a/ssl/packet_locl.h
+++ b/ssl/packet_locl.h
@@ -111,7 +111,7 @@ __owur static inline int PACKET_buf_init(PACKET *pkt, unsigned char *buf,
size_t len)
{
/* Sanity check for negative values. */
- if (buf + len < buf)
+ if (len > (size_t)(SIZE_MAX / 2))
return 0;
pkt->curr = buf;
More information about the openssl-commits
mailing list