Check for potentially exploitable overflows in asn1_d2i_read_bio

[thirdparty/openssl.git] / crypto / mem.c

diff --git a/crypto/mem.c b/crypto/mem.c
index 8f736c3b1f527d482c941d998447cdf1657cfa6d..21c0011380830d647571a148707d16660d435354 100644 (file)
--- a/crypto/mem.c
+++ b/crypto/mem.c
@@ -363,6 +363,10 @@ void *CRYPTO_realloc_clean(void *str, int old_len, int num, const char *file,
 
        if (num <= 0) return NULL;
 
+       /* We don't support shrinking the buffer. Note the memcpy that copies
+        * |old_len| bytes to the new buffer, below. */
+       if (num < old_len) return NULL;
+
        if (realloc_debug_func != NULL)
                realloc_debug_func(str, NULL, num, file, line, 0);
        ret=malloc_ex_func(num,file,line);