Commit

Check ASN1_item_ndef_i2d() return value.
Return an error instead of trying to malloc a negative number.
The other usage in this file already had a similar check, and the caller
should have put an entry on the error stack already.

Note that we only check the initial calls to obtain the encoded length,
and assume that the follow-up call to actually encode to the allocated
storage will succeed if the first one did.

Fixes: openssl#14177

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from openssl#14308)
kaduk committed Feb 26, 2021
1 parent d2ccfb9 commit 90b4247
Showing 1 changed file with 2 additions and 0 deletions.
2 changes: 2 additions & 0 deletions crypto/asn1/bio_ndef.c
Expand Up @@ -114,6 +114,8 @@ static int ndef_prefix(BIO *b, unsigned char **pbuf, int *plen, void *parg)
ndef_aux = *(NDEF_SUPPORT **)parg;

derlen = ASN1_item_ndef_i2d(ndef_aux->val, NULL, ndef_aux->it);
if (derlen < 0)
return 0;
if ((p = OPENSSL_malloc(derlen)) == NULL) {
ERR_raise(ERR_LIB_ASN1, ERR_R_MALLOC_FAILURE);
return 0;
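
Review bot: the new `if (derlen < 0) return 0;` after the length-only ASN1_item_ndef_i2d() call returns without an ERR_raise(), while the OPENSSL_malloc() failure path directly below it raises ERR_R_MALLOC_FAILURE. A one-line comment at the early return, stating that the error is expected to be on the error stack already (as the commit message says), would show the asymmetry is deliberate. The test is also strictly `< 0`, so a `derlen` of zero still reaches `OPENSSL_malloc(derlen)`. If a zero-length encoding cannot occur here, note that in the comment; otherwise handle it separately so that a NULL from a zero-size allocation is not reported as ERR_R_MALLOC_FAILURE.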
