Check for error return from ASN1_object_size

Otherwise we try to malloc a -1 size. Reviewed-by: Tim Hudson <tjh@openssl.org>
2025-01-30 14:01:55 +08:00 · 2016-08-22 23:39:28 +01:00 · 2016-08-22 23:39:28 +01:00 · b197257d71
commit b197257d71
parent 4d94bd362d
1 changed files with 3 additions and 0 deletions
--- a/crypto/ocsp/ocsp_ext.c
+++ b/crypto/ocsp/ocsp_ext.c
@ -256,6 +256,9 @@ static int ocsp_add1_nonce(STACK_OF(X509_EXTENSION) **exts,
     * relies on library internals.
     */
    os.length = ASN1_object_size(0, len, V_ASN1_OCTET_STRING);
+    if (os.length < 0)
+        goto err;
+
    os.data = OPENSSL_malloc(os.length);
    if (os.data == NULL)
        goto err;