Commit 3fde6c92 authored by Matt Caswell's avatar Matt Caswell
Browse files

Avoid undefined behaviour in PACKET_buf_init 



Change the sanity check in PACKET_buf_init to check for excessive length
buffers, which should catch the interesting cases where len has been cast
from a negative value whilst avoiding any undefined behaviour.

RT#4094

Reviewed-by: default avatarRichard Levitte <levitte@openssl.org>
parent 788d72ba

ssl/packet_locl.h

+1 −1
Original line number Diff line number Diff line
@@ -111,7 +111,7 @@ __owur static inline int PACKET_buf_init(PACKET *pkt, unsigned char *buf, 
                                         size_t len)

{

    /* Sanity check for negative values. */

    if (buf + len < buf)

    if (len > (size_t)(SIZE_MAX / 2))

        return 0;



    pkt->curr = buf;