oysteikt/heimdal
0
0
Fork 0
Code Issues 5 Pull Requests Releases Activity

hx509/hxtool.c: ensure parse_bytes() result does not overflow

Browse Source
This commit is contained in:
Robert Manner
2023-01-11 16:24:23 +01:00
committed by Nico Williams
parent 37cd2c16b8
commit e8e8b78d65
1 changed files with 5 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
lib/hx509/hxtool.c
View File

@@ -33,6 +33,7 @@
#include "hx_locl.h" #include "hx_locl.h"
#include <stdint.h>
#include <hxtool-commands.h> #include <hxtool-commands.h>
#include <sl.h> #include <sl.h>
#include <rtbl.h> #include <rtbl.h>
@@ -1661,13 +1662,15 @@ random_data(void *opt, int argc, char **argv)
{ {
void *ptr; void *ptr;
ssize_t len; ssize_t len;
int64_t bytes;
int ret; int ret;
len = parse_bytes(argv[0], "byte"); bytes = parse_bytes(argv[0], "byte");
if (len <= 0) { if (bytes <= 0 || bytes > SSIZE_MAX) {
fprintf(stderr, "bad argument to random-data\n"); fprintf(stderr, "bad argument to random-data\n");
return 1; return 1;
} }
len = bytes;
ptr = malloc(len); ptr = malloc(len);
if (ptr == NULL) { if (ptr == NULL) {