Add bounds checking to length returned by wcslen in wide_to_asc conversion to resolve...
authorJake Cooke <jcooke2297@outlook.com>
Tue, 18 May 2021 08:50:54 +0000 (18:20 +0930)
committerPauli <pauli@openssl.org>
Wed, 19 May 2021 12:12:19 +0000 (22:12 +1000)
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15316)

engines/e_capi.c

index dd66518d3f5614c690e7ba885a0d0b8bce9b5443..2ea3cd20595a9c8a5e4c5c97d45321f1a46de15d 100644 (file)
@@ -1120,10 +1120,19 @@ static char *wide_to_asc(LPCWSTR wstr)
 {
     char *str;
     int len_0, sz;
+    size_t len_1;
 
     if (!wstr)
         return NULL;
-    len_0 = (int)wcslen(wstr) + 1; /* WideCharToMultiByte expects int */
+
+    len_1 = wcslen(wstr) + 1;
+
+    if (len_1 > INT_MAX) {
+           CAPIerr(CAPI_F_WIDE_TO_ASC, CAPI_R_FUNCTION_NOT_SUPPORTED);
+           return NULL;
+    }
+
+    len_0 = (int)len_1; /* WideCharToMultiByte expects int */
     sz = WideCharToMultiByte(CP_ACP, 0, wstr, len_0, NULL, 0, NULL, NULL);
     if (!sz) {
         CAPIerr(CAPI_F_WIDE_TO_ASC, CAPI_R_WIN32_ERROR);
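Review bot: The new `len_1 > INT_MAX` branch raises `CAPI_R_FUNCTION_NOT_SUPPORTED`, which tells whoever reads the error queue that a function is unavailable rather than that the input string was too long for the `int` count `WideCharToMultiByte` takes; a reason code that names the length limit would make this rejection distinguishable during triage. The two statements inside that branch are indented three columns deeper than the 4-space step used by the rest of the hunk and should line up at eight spaces. A short comment above the check would record why it exists, for example `/* reject lengths that would not survive the cast to int below */`. `INT_MAX` needs `<limits.h>`, and no include is visible in this hunk, so that is worth confirming. The body of wide_to_asc continues past the last line shown here.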