mirror/openssl
2
0
Fork 0
mirror of https://github.com/openssl/openssl.git synced 2025-03-01 19:28:10 +08:00
Code Issues Packages Projects Releases Wiki Activity

Add some sanity checks for BIO_read* and BIO_gets

Browse Source 
Make sure the return value isn't bigger than the buffer len

Reviewed-by: Richard Levitte <levitte@openssl.org>
This commit is contained in:
Matt Caswell 2016-10-21 15:21:55 +01:00
parent 42c6046064
commit fbba62f6c9
1 changed files with 11 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
crypto/bio/bio_lib.c
View File

@ -278,6 +278,10 @@ static int bio_read_intern(BIO *b, void *data, size_t datal, size_t *read)
ret = (int)bio_call_callback(b, BIO_CB_READ | BIO_CB_RETURN, data,
datal, 0, 0L, ret, read);
/* Shouldn't happen */
if (ret > 0 && *read > datal)
return -1;
return ret;
}
@ -433,6 +437,11 @@ int BIO_gets(BIO *b, char *out, int outl)
return (-2);
}
if (outl < 0) {
BIOerr(BIO_F_BIO_GETS, BIO_R_INVALID_ARGUMENT);
return 0;
}
if (b->callback != NULL || b->callback_ex != NULL) {
ret = (int)bio_call_callback(b, BIO_CB_GETS, out, outl, 0, 0L, 1, NULL);
if (ret <= 0)
@ -456,7 +465,8 @@ int BIO_gets(BIO *b, char *out, int outl)
0, 0L, ret, &read);
if (ret > 0) {
if (read > INT_MAX)
/* Shouldn't happen */
if (read > (size_t)outl)
ret = -1;
else
ret = (int)read;