author | Jake Cooke <jcooke2297@outlook.com> | 2021-05-18 10:50:54 +0200 |
---|---|---|
committer | Pauli <pauli@openssl.org> | 2021-05-19 14:12:19 +0200 |
commit | cad4f3facc2ff5dce97b08b9ab8718783358b30c (patch) | |
tree | 6ccde043767c6e6f663d4f88ac9b55511ef440eb | |
parent | Make sure to include "crypto/ctype.h" to get ossl_isdigit() (diff) | |
Add bounds checking to length returned by wcslen in wide_to_asc conversion to resolve integer overflow flaw
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15316)
-rw-r--r-- | engines/e_capi.c | 11 |
1 files changed, 10 insertions, 1 deletions
diff --git a/engines/e_capi.c b/engines/e_capi.c
index dd66518d3f..2ea3cd2059 100644
--- a/engines/e_capi.c
+++ b/engines/e_capi.c
@@ -1120,10 +1120,19 @@ static char *wide_to_asc(LPCWSTR wstr)
 {
 char *str;
 int len_0, sz;
+ size_t len_1;
 if (!wstr) return NULL;
- len_0 = (int)wcslen(wstr) + 1; /* WideCharToMultiByte expects int */
+
+ len_1 = wcslen(wstr) + 1;
+
+ if (len_1 > INT_MAX) {
+ CAPIerr(CAPI_F_WIDE_TO_ASC, CAPI_R_FUNCTION_NOT_SUPPORTED);
+ return NULL;
+ }
+
+ len_0 = (int)len_1; /* WideCharToMultiByte expects int */
 sz = WideCharToMultiByte(CP_ACP, 0, wstr, len_0, NULL, 0, NULL, NULL);
 if (!sz) {
 CAPIerr(CAPI_F_WIDE_TO_ASC, CAPI_R_WIN32_ERROR); |
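Review bot: The new guard at `if (len_1 > INT_MAX)` reports `CAPI_R_FUNCTION_NOT_SUPPORTED`, which gives no hint to anyone reading the error queue that the string was rejected for its length; a reason code that names the size limit would keep this rejection distinguishable from a genuinely unsupported operation. The check also deserves a comment of its own, e.g. `/* reject lengths that would truncate when cast to int for WideCharToMultiByte */`, because the old `(int)wcslen(wstr) + 1` line that motivated it is gone after this commit. `INT_MAX` comes from `<limits.h>` and the hunk adds no include, so it is presumably already pulled in elsewhere in e_capi.c; that is worth confirming for every Windows toolchain the engine is built with. wide_to_asc continues past the end of the hunk, so how `sz` is used afterwards is not visible here.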