From e8e8b78d651518bfc68238b02d0d36d777a5c5a6 Mon Sep 17 00:00:00 2001
From: Robert Manner <robert.manner@quest.com>
Date: Wed, 11 Jan 2023 16:24:23 +0100
Subject: [PATCH] hx509/hxtool.c: ensure parse_bytes() result does not overflow

---
 lib/hx509/hxtool.c | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/lib/hx509/hxtool.c b/lib/hx509/hxtool.c
index 866e4bfca..9dbb5ccb1 100644
--- a/lib/hx509/hxtool.c
+++ b/lib/hx509/hxtool.c
@@ -33,6 +33,7 @@
 
 #include "hx_locl.h"
 
+#include <stdint.h>
 #include <hxtool-commands.h>
 #include <sl.h>
 #include <rtbl.h>
@@ -1661,13 +1662,15 @@ random_data(void *opt, int argc, char **argv)
 {
     void *ptr;
     ssize_t len;
+    int64_t bytes;
     int ret;
 
-    len = parse_bytes(argv[0], "byte");
-    if (len <= 0) {
+    bytes = parse_bytes(argv[0], "byte");
+    if (bytes <= 0 || bytes > SSIZE_MAX) {
 	fprintf(stderr, "bad argument to random-data\n");
 	return 1;
     }
+    len = bytes;
 
     ptr = malloc(len);
     if (ptr == NULL) {