From: Zoltan Fridrich Date: Thu, 3 Aug 2023 12:09:33 +0000 (+0200) Subject: Safeguard against overflow inside pkcs11_find_objects X-Git-Tag: 3.8.1~1^2 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=7f88f4fe53d4d212eee1d2b413f5ece728ce0cc2;p=thirdparty%2Fgnutls.git Safeguard against overflow inside pkcs11_find_objects Signed-off-by: Zoltan Fridrich --- diff --git a/lib/pkcs11.c b/lib/pkcs11.c index 30ab8d3c7f..8b8b62b864 100644 --- a/lib/pkcs11.c +++ b/lib/pkcs11.c @@ -32,6 +32,7 @@ #include #include #include +#include "xsize.h" #include #include @@ -3237,7 +3238,11 @@ static int find_multi_objs_cb(struct ck_function_list *module, } if (find_data->current + 1 > alloc_size) { - alloc_size = alloc_size == 0 ? 2 : alloc_size * 2; + alloc_size = xtimes(xsum(alloc_size, 1), 2); + if (size_overflow_p(alloc_size)) { + ret = gnutls_assert_val(GNUTLS_E_MEMORY_ERROR); + goto fail; + } find_data->p_list = _gnutls_reallocarray_fast( find_data->p_list, alloc_size, sizeof(find_data->p_list[0]));
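Review bot: The guard added after `alloc_size = xtimes(xsum(alloc_size, 1), 2);` only works if `alloc_size` is a `size_t`, because `xsum`/`xtimes` report overflow by saturating to `SIZE_MAX` and `size_overflow_p` tests for exactly that value. The declaration is outside this hunk and should be confirmed, since a narrower type would truncate the sentinel and the check would never fire. The condition above it, `find_data->current + 1 > alloc_size`, still does unchecked arithmetic on `current`, whose type is not visible here either; `if (find_data->current >= alloc_size) {` expresses the same test without the addition. The growth sequence also changes from 2, 4, 8 to 2, 6, 14, which merits a short comment such as `/* grow to 2*(n+1); xsize.h helpers saturate to SIZE_MAX on overflow */`. The rest of find_multi_objs_cb, including the `fail` label, lies outside the hunk, so whether that path releases the entries already stored in `find_data->p_list` could not be checked from here.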