From: Todd Short
Date: Thu, 27 Oct 2022 14:27:29 +0000 (-0400)
Subject: Fix coverity 1516093 tainted scalar
X-Git-Tag: openssl-3.2.0-alpha1~1795
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=00e38edcfb95b556a59de96e0c18343828929c8f;p=thirdparty%2Fopenssl.git

Fix coverity 1516093 tainted scalar

|uclen| is created from three byte values, so this seems a bit redundant, but if it makes coverity happy

Reviewed-by: Hugo Landau
Reviewed-by: Tomas Mraz
(Merged from https://github.com/openssl/openssl/pull/19519)
---
diff --git a/ssl/t1_trce.c b/ssl/t1_trce.c
index 4725185e79d..6d314c5331f 100644
--- a/ssl/t1_trce.c
+++ b/ssl/t1_trce.c
@@ -1345,7 +1345,8 @@ static int ssl_print_compressed_certificates(BIO *bio, const SSL_CONNECTION *sc,
 if (!ossl_comp_has_alg(alg))
 return 0;

- if (uclen == 0 || (ucdata = OPENSSL_malloc(uclen)) == NULL)
+ /* Check against certificate maximum size (coverity) */
+ if (uclen == 0 || uclen > 0xFFFFFF || (ucdata = OPENSSL_malloc(uclen)) == NULL)
 return 0;

 switch (alg) {
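Review bot: The added `uclen > 0xFFFFFF` test cannot reject any value if |uclen| is assembled from three bytes, as the commit message itself notes, so the `OPENSSL_malloc(uclen)` in the same condition is still sized by a peer-declared length of up to roughly 16 MiB. If the trace path is meant to have a real limit, a bound tied to the connection's configured certificate-list maximum would be tighter, for example `uclen > sc->max_cert_list`, assuming that field is readable through `sc` at this point. The comment also calls the literal a "certificate maximum size" when it is the largest value a 24-bit length field can hold; something like `/* uclen is a 24-bit wire length; explicit bound keeps static analysis quiet */` describes it more accurately. The body of ssl_print_compressed_certificates starts and ends outside the hunk, so whether the decompressed length is later compared with uclen is not visible here.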