Fix coverity 1516093 tainted scalar
authorTodd Short <tshort@akamai.com>
Thu, 27 Oct 2022 14:27:29 +0000 (10:27 -0400)
committerTomas Mraz <tomas@openssl.org>
Wed, 2 Nov 2022 10:35:52 +0000 (11:35 +0100)
|uclen| is created from three byte values, so this seems a bit
redundant, but if it makes coverity happy

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19519)

ssl/t1_trce.c

index 4725185e79d0f40d862690ba00ab9e8bad56534c..6d314c5331fa93f73accbac9b87bc35f24618262 100644 (file)
@@ -1345,7 +1345,8 @@ static int ssl_print_compressed_certificates(BIO *bio, const SSL_CONNECTION *sc,
     if (!ossl_comp_has_alg(alg))
         return 0;
 
-    if (uclen == 0 || (ucdata = OPENSSL_malloc(uclen)) == NULL)
+    /* Check against certificate maximum size (coverity) */
+    if (uclen == 0 || uclen > 0xFFFFFF || (ucdata = OPENSSL_malloc(uclen)) == NULL)
         return 0;
 
     switch (alg) {
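Review bot: The `uclen > 0xFFFFFF` bound added to the allocation guard equals the largest value a three-byte length can encode, so, as the commit message itself concedes, it rejects nothing at runtime. A length taken from the message can still drive an `OPENSSL_malloc` of up to 16 MiB in the trace path. If a real limit is wanted, comparing against the connection's configured certificate-list limit would bound it meaningfully (presumably `sc->max_cert_list`; confirm the field and that it is set on this path). Otherwise the comment should state the intent, e.g. `/* uclen is a 24-bit wire value; the explicit bound only satisfies static analysis */`, and the magic number could become a named constant. The body of ssl_print_compressed_certificates continues outside the hunk, so whether the decompressed size is later checked against `uclen` is not visible here.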