speed: range check the argument given to -multi

For machines where sizeof(size_t) == sizeof(int) there is a possible overflow which could cause a crash. For machines where sizeof(size_t) > sizeof(int), the existing checks adequately detect the situation. Fixes #16899 Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/16904)
2025-01-30 14:01:55 +08:00 · 2021-10-25 11:16:01 +10:00 · 2021-10-25 11:16:01 +10:00 · 7220085f22
commit 7220085f22
parent 089df6f135
1 changed files with 4 additions and 0 deletions
--- a/apps/speed.c
+++ b/apps/speed.c
@ -1540,6 +1540,10 @@ int speed_main(int argc, char **argv)
        case OPT_MULTI:
 #ifndef NO_FORK
            multi = atoi(opt_arg());
+            if ((size_t)multi >= SIZE_MAX / sizeof(int)) {
+                BIO_printf(bio_err, "%s: multi argument too large\n", prog);
+                return 0;
+            }
 #endif
            break;
        case OPT_ASYNCJOBS: