From: Pauli Date: Mon, 25 Oct 2021 01:16:01 +0000 (+1000) Subject: speed: range check the argument given to -multi X-Git-Tag: openssl-3.2.0-alpha1~3423 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=7220085f22cf6c49933ea8287eb15db57f7ab0db;p=thirdparty%2Fopenssl.git speed: range check the argument given to -multi For machines where sizeof(size_t) == sizeof(int) there is a possible overflow which could cause a crash. For machines where sizeof(size_t) > sizeof(int), the existing checks adequately detect the situation. Fixes #16899 Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/16904) --- diff --git a/apps/speed.c b/apps/speed.c index 1e5295398f6..4dd9ce08851 100644 --- a/apps/speed.c +++ b/apps/speed.c @@ -1540,6 +1540,10 @@ int speed_main(int argc, char **argv) case OPT_MULTI: #ifndef NO_FORK multi = atoi(opt_arg()); + if ((size_t)multi >= SIZE_MAX / sizeof(int)) { + BIO_printf(bio_err, "%s: multi argument too large\n", prog); + return 0; + } #endif break; case OPT_ASYNCJOBS:
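Review bot: In the OPT_MULTI case the new error branch prints "multi argument too large" to bio_err and then does `return 0;` from `int speed_main(...)`, which a caller will read as success. A non-zero return, or a jump to the function's usual error exit so that any cleanup still runs, would make the failure visible to scripts. Two smaller points on the same lines: `multi = atoi(opt_arg());` has no error detection, so non-numeric input silently becomes 0 and out-of-range input is undefined; a strtol-style parse with an explicit range check would be more robust than checking the result afterwards. The `(size_t)multi` cast also turns a negative argument into a very large value, so negatives are rejected here too, but with the message "too large"; an explicit `multi <= 0` test with its own message would be clearer.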