Commit 4ce06271 authored Apr 27, 2015 by Matt Caswell

Sanity check DES_enc_write buffer length



Add a sanity check to DES_enc_write to ensure the buffer length provided
is not negative. Thanks to Kevin Wojtysiak (Int3 Solutions) and Paramjot
Oberoi (Int3 Solutions) for reporting this issue.

Reviewed-by: Andy Polyakov <appro@openssl.org>
(cherry picked from commit 873fb39f)

parent c5f8cd7b

crypto/des/enc_writ.c

+3 −0

Original line number	Diff line number	Diff line
		@@ -96,6 +96,9 @@ int DES_enc_write(int fd, const void *_buf, int len,
		const unsigned char *cp;
		static int start = 1;

		if (len < 0)
		return -1;

		if (outbuf == NULL) {
		outbuf = OPENSSL_malloc(BSIZE + HDRSIZE);
		if (outbuf == NULL)