size_t RSA_private_decrypt's input.

Change-Id: If05761052e235b38d9798b2fe4d8ba44293af891 Reviewed-on: https://boringssl-review.googlesource.com/5944 Reviewed-by: Adam Langley <agl@google.com>
author: David Benjamin <davidben@chromium.org> 2015-09-19 20:35:39 +0300
committer: Adam Langley <agl@google.com> 2015-09-24 02:55:18 +0300
commit: 79c59a30b5e7dd7d093e9d3c759848792211f8ee (patch)
tree: 3abdeea0d41cc865c309c598ce5a5129a76261ce /crypto
parent: d98dc1311e20193ac188e359e91aeaaf5cc3a7e2 (diff)
1 files changed, 6 insertions, 1 deletions
diff --git a/crypto/rsa/rsa.c b/crypto/rsa/rsa.c
index 2f23165c..63eb170c 100644
--- a/crypto/rsa/rsa.c
+++ b/crypto/rsa/rsa.c
@@ -56,6 +56,7 @@
 
 #include <openssl/rsa.h>
 
+#include <limits.h>
 #include <string.h>
 
 #include <openssl/bn.h>
@@ -240,7 +241,7 @@ int RSA_decrypt(RSA *rsa, size_t *out_len, uint8_t *out, size_t max_out,
                                     padding);
 }
 
-int RSA_private_decrypt(int flen, const uint8_t *from, uint8_t *to, RSA *rsa,
+int RSA_private_decrypt(size_t flen, const uint8_t *from, uint8_t *to, RSA *rsa,
                         int padding) {
   size_t out_len;
 
@@ -248,6 +249,10 @@ int RSA_private_decrypt(int flen, const uint8_t *from, uint8_t *to, RSA *rsa,
     return -1;
   }
 
+  if (out_len > INT_MAX) {
+    OPENSSL_PUT_ERROR(RSA, ERR_R_OVERFLOW);
+    return -1;
+  }
   return out_len;
 }
author	David Benjamin <davidben@chromium.org>	2015-09-19 20:35:39 +0300
committer	Adam Langley <agl@google.com>	2015-09-24 02:55:18 +0300
commit	79c59a30b5e7dd7d093e9d3c759848792211f8ee (patch)
tree	3abdeea0d41cc865c309c598ce5a5129a76261ce /crypto
parent	d98dc1311e20193ac188e359e91aeaaf5cc3a7e2 (diff)