From 81777339e9ed62cd3b801bf225fa1f2aba4b30dd Mon Sep 17 00:00:00 2001
From: Shane Lontis
Date: Mon, 21 Sep 2020 11:42:41 +1000
Subject: [PATCH] Fix CID 1466709 : Negative value passed to a function that cant be negative in cms_sd.c

Reviewed-by: Tomas Mraz
(Merged from https://github.com/openssl/openssl/pull/12930)
---
 crypto/cms/cms_sd.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/crypto/cms/cms_sd.c b/crypto/cms/cms_sd.c
index 4b6822f4fd2..121390a8d50 100644
--- a/crypto/cms/cms_sd.c
+++ b/crypto/cms/cms_sd.c
@@ -854,7 +854,7 @@ int CMS_SignerInfo_verify(CMS_SignerInfo *si)
 alen = ASN1_item_i2d((ASN1_VALUE *)si->signedAttrs, &abuf, ASN1_ITEM_rptr(CMS_Attributes_Verify));
- if (!abuf)
+ if (abuf == NULL || alen < 0)
 goto err;
 r = EVP_DigestVerifyUpdate(mctx, abuf, alen);
 OPENSSL_free(abuf);
--
2.47.3
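Review bot: The new error branch still assumes `abuf` is NULL whenever `ASN1_item_i2d` returns a negative length; if that ever did not hold, `goto err` would skip the `OPENSSL_free(abuf)` two lines below, and whether the `err` label frees it cannot be seen because the body of `CMS_SignerInfo_verify` continues outside the hunk. Freeing on the branch removes the assumption, since `OPENSSL_free(NULL)` is a no-op: `if (abuf == NULL || alen < 0) { OPENSSL_free(abuf); goto err; }`. A short comment would also tell the next reader why the length test matters, e.g. `/* alen is int but EVP_DigestVerifyUpdate() takes size_t: a negative value would become a huge length */`.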