You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
41 lines
1.1 KiB
41 lines
1.1 KiB
7 years ago
|
diff -up openssl-1.0.1e/crypto/evp/encode.c.b64-overflow openssl-1.0.1e/crypto/evp/encode.c
|
||
|
|
--- openssl-1.0.1e/crypto/evp/encode.c.b64-overflow 2016-04-07 15:45:20.000000000 +0200
|
||
|
|
+++ openssl-1.0.1e/crypto/evp/encode.c 2016-04-29 12:46:34.232656522 +0200
|
||
|
|
@@ -132,12 +132,12 @@ void EVP_EncodeUpdate(EVP_ENCODE_CTX *ct
|
||
|
|
const unsigned char *in, int inl)
|
||
|
|
{
|
||
|
|
int i,j;
|
||
|
|
- unsigned int total=0;
|
||
|
|
+ size_t total=0;
|
||
|
|
|
||
|
|
*outl=0;
|
||
|
|
if (inl == 0) return;
|
||
|
|
OPENSSL_assert(ctx->length <= (int)sizeof(ctx->enc_data));
|
||
|
|
- if ((ctx->num+inl) < ctx->length)
|
||
|
|
+ if (ctx->length - ctx->num > inl)
|
||
|
|
{
|
||
|
|
memcpy(&(ctx->enc_data[ctx->num]),in,inl);
|
||
|
|
ctx->num+=inl;
|
||
|
|
@@ -156,7 +156,7 @@ void EVP_EncodeUpdate(EVP_ENCODE_CTX *ct
|
||
|
|
*out='\0';
|
||
|
|
total=j+1;
|
||
|
|
}
|
||
|
|
- while (inl >= ctx->length)
|
||
|
|
+ while (inl >= ctx->length && total <= INT_MAX)
|
||
|
|
{
|
||
|
|
j=EVP_EncodeBlock(out,in,ctx->length);
|
||
|
|
in+=ctx->length;
|
||
|
|
@@ -166,6 +166,12 @@ void EVP_EncodeUpdate(EVP_ENCODE_CTX *ct
|
||
|
|
*out='\0';
|
||
|
|
total+=j+1;
|
||
|
|
}
|
||
|
|
+ if (total > INT_MAX)
|
||
|
|
+ {
|
||
|
|
+ /* Too much output data! */
|
||
|
|
+ *outl = 0;
|
||
|
|
+ return;
|
||
|
|
+ }
|
||
|
|
if (inl != 0)
|
||
|
|
memcpy(&(ctx->enc_data[0]),in,inl);
|
||
|
|
ctx->num=inl;
|