Make sure max in fmtstr() doesn't overflow into negativity

Reviewed-by: Matt Caswell <matt@openssl.org>
author: Richard Levitte <levitte@openssl.org> 2016-05-30 05:41:57 +0200
committer: Richard Levitte <levitte@openssl.org> 2016-05-30 05:41:57 +0200
commit: 453fc7a0185dcd046a8ab2b029e0807a073f93c2 (patch)
tree: 872923b9f10069f2d25b4f383b900cbc8f87633f /crypto/bio
parent: set RAND_event and RAND_screen to deprecated in 1.1.0 in librypto.num (diff)
download: openssl-453fc7a0185dcd046a8ab2b029e0807a073f93c2.tar.xz
openssl-453fc7a0185dcd046a8ab2b029e0807a073f93c2.zip
1 files changed, 10 insertions, 2 deletions
diff --git a/crypto/bio/b_print.c b/crypto/bio/b_print.c
index 545c469810..1b70bac71b 100644
--- a/crypto/bio/b_print.c
+++ b/crypto/bio/b_print.c
@@ -390,8 +390,16 @@ fmtstr(char **sbuffer,
     padlen = min - strln;
     if (min < 0 || padlen < 0)
         padlen = 0;
-    if (max >= 0)
-        max += padlen;      /* The maximum output including padding */
+    if (max >= 0) {
+        /*
+         * Calculate the maximum output including padding.
+         * Make sure max doesn't overflow into negativity
+         */
+        if (max < INT_MAX - padlen)
+            max += padlen;
+        else
+            max = INT_MAX;
+    }
     if (flags & DP_F_MINUS)
         padlen = -padlen;
author	Richard Levitte <levitte@openssl.org>	2016-05-30 05:41:57 +0200
committer	Richard Levitte <levitte@openssl.org>	2016-05-30 05:41:57 +0200
commit	453fc7a0185dcd046a8ab2b029e0807a073f93c2 (patch)
tree	872923b9f10069f2d25b4f383b900cbc8f87633f /crypto/bio
parent	set RAND_event and RAND_screen to deprecated in 1.1.0 in librypto.num (diff)
download	openssl-453fc7a0185dcd046a8ab2b029e0807a073f93c2.tar.xz openssl-453fc7a0185dcd046a8ab2b029e0807a073f93c2.zip