diff options
author | Adam Langley <agl@chromium.org> | 2014-07-16 21:16:06 +0400 |
---|---|---|
committer | Adam Langley <agl@google.com> | 2014-07-16 22:14:32 +0400 |
commit | 8750fe58f4bd74a3dd1aeba47ace94907d0a7de5 (patch) | |
tree | 2f1603f6ec6e89c16c2755e16e6bfc01a41c44d5 /crypto/x509 | |
parent | 8f3234b2c8efc4aea4e49e0b7e03b29131c99662 (diff) |
base64: fix underflow in EVP_EncodeBlock.
When I switched the base64 code to use size_t, I missed that one of the
loops was counting down, not up, and depended on the loop variable going
negative.
Additionally this change fixes a bug in NETSCAPE_SPKI_b64_encode where
the size of the result buffer was incorrectly calculated and a possible
memory leak.
Change-Id: Ibdf644244291274f50b314f3bb13a61b46858ca1
Reviewed-on: https://boringssl-review.googlesource.com/1220
Reviewed-by: David Benjamin <davidben@chromium.org>
Reviewed-by: Adam Langley <agl@google.com>
Diffstat (limited to 'crypto/x509')
-rw-r--r-- | crypto/x509/x509spki.c | 9 |
1 files changed, 7 insertions, 2 deletions
diff --git a/crypto/x509/x509spki.c b/crypto/x509/x509spki.c index ffadcb4f..243a7d26 100644 --- a/crypto/x509/x509spki.c +++ b/crypto/x509/x509spki.c @@ -105,8 +105,13 @@ char * NETSCAPE_SPKI_b64_encode(NETSCAPE_SPKI *spki) int der_len; der_len = i2d_NETSCAPE_SPKI(spki, NULL); der_spki = OPENSSL_malloc(der_len); - b64_str = OPENSSL_malloc(der_len * 2); - if(!der_spki || !b64_str) { + if (der_spki == NULL) { + OPENSSL_PUT_ERROR(X509, NETSCAPE_SPKI_b64_encode, ERR_R_MALLOC_FAILURE); + return NULL; + } + b64_str = OPENSSL_malloc((der_len + 2) / 3 * 4 + 1); + if (b64_str == NULL) { + OPENSSL_free(der_spki); OPENSSL_PUT_ERROR(X509, NETSCAPE_SPKI_b64_encode, ERR_R_MALLOC_FAILURE); return NULL; } |