kris/boringssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Handle overflow in ascii_to_ucs2.

Browse Source 
Change-Id: Ie9a0039931a1a8d48a82c11ef5c58d6ee084ca4c
Reviewed-on: https://boringssl-review.googlesource.com/13070
Commit-Queue: David Benjamin <davidben@google.com>
Reviewed-by: Adam Langley <alangley@gmail.com>
This commit is contained in:
David Benjamin 2017-01-01 04:13:31 -05:00 committed by Adam Langley
parent 9d0e7fb6e7
commit 7f539fa008
1 changed files with 6 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
crypto/pkcs8/pkcs8.c
View File

@ -82,23 +82,21 @@
static int ascii_to_ucs2(const char *ascii, size_t ascii_len,
uint8_t **out, size_t *out_len) {
uint8_t *unitmp;
size_t ulen, i;
ulen = ascii_len * 2 + 2;
if (ulen < ascii_len) {
size_t ulen = ascii_len * 2 + 2;
if (ascii_len * 2 < ascii_len || ulen < ascii_len * 2) {
return 0;
}
unitmp = OPENSSL_malloc(ulen);
uint8_t *unitmp = OPENSSL_malloc(ulen);
if (unitmp == NULL) {
return 0;
}
for (i = 0; i < ulen - 2; i += 2) {
for (size_t i = 0; i < ulen - 2; i += 2) {
unitmp[i] = 0;
unitmp[i + 1] = ascii[i >> 1];
}
/* Make result double null terminated */
/* Terminate the result with a UCS-2 NUL. */
unitmp[ulen - 2] = 0;
unitmp[ulen - 1] = 0;
*out_len = ulen;