From: Shane Lontis <shane.lontis@oracle.com>
Date: Mon, 24 Aug 2020 02:45:50 +0000 (+1000)
Subject: Fix coverity CID #1452769 & #1452771 - Arg passed to function that cannot be negative... 
X-Git-Tag: openssl-3.0.0-alpha7~384
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=5340c8ea2a25d17ee2ce1f35d1fb545b8487e84b;p=thirdparty%2Fopenssl.git

Fix coverity CID #1452769 & #1452771 - Arg passed to function that cannot be negative in cms_ess.c

Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/12708)
---

diff --git a/crypto/cms/cms_ess.c b/crypto/cms/cms_ess.c
index 3e545b7addc..b6b2037532b 100644
--- a/crypto/cms/cms_ess.c
+++ b/crypto/cms/cms_ess.c
@@ -430,12 +430,12 @@ ASN1_OCTET_STRING *cms_encode_Receipt(CMS_SignerInfo *si)
 int cms_add1_signing_cert_v2(CMS_SignerInfo *si, ESS_SIGNING_CERT_V2 *sc)
 {
     ASN1_STRING *seq = NULL;
-    unsigned char *p, *pp;
+    unsigned char *p, *pp = NULL;
     int len;
 
     /* Add SigningCertificateV2 signed attribute to the signer info. */
     len = i2d_ESS_SIGNING_CERT_V2(sc, NULL);
-    if ((pp = OPENSSL_malloc(len)) == NULL)
+    if (len <= 0 || (pp = OPENSSL_malloc(len)) == NULL)
         goto err;
     p = pp;
     i2d_ESS_SIGNING_CERT_V2(sc, &p);
@@ -462,12 +462,12 @@ int cms_add1_signing_cert_v2(CMS_SignerInfo *si, ESS_SIGNING_CERT_V2 *sc)
 int cms_add1_signing_cert(CMS_SignerInfo *si, ESS_SIGNING_CERT *sc)
 {
     ASN1_STRING *seq = NULL;
-    unsigned char *p, *pp;
+    unsigned char *p, *pp = NULL;
     int len;
 
     /* Add SigningCertificate signed attribute to the signer info. */
     len = i2d_ESS_SIGNING_CERT(sc, NULL);
-    if ((pp = OPENSSL_malloc(len)) == NULL)
+    if (len <= 0 || (pp = OPENSSL_malloc(len)) == NULL)
         goto err;
     p = pp;
     i2d_ESS_SIGNING_CERT(sc, &p);