diff options
author | RĂ©mi Verschelde <rverschelde@gmail.com> | 2018-01-13 14:43:30 +0100 |
---|---|---|
committer | GitHub <noreply@github.com> | 2018-01-13 14:43:30 +0100 |
commit | a3ee252993e8200c856be3fe664937f9461ee268 (patch) | |
tree | af68e434545e20c538f896e28b73f2db7d626edd /thirdparty/openssl/crypto/LPdir_win.c | |
parent | c01575b3125ce1828f0cacb3f9f00286136f373c (diff) | |
parent | e12c89e8c9896b2e5cdd70dbd2d2acb449ff4b94 (diff) |
Merge pull request #15664 from akien-mga/thirdparty
Bugfix updates to various thirdparty libraries
Diffstat (limited to 'thirdparty/openssl/crypto/LPdir_win.c')
-rw-r--r-- | thirdparty/openssl/crypto/LPdir_win.c | 19 |
1 files changed, 17 insertions, 2 deletions
diff --git a/thirdparty/openssl/crypto/LPdir_win.c b/thirdparty/openssl/crypto/LPdir_win.c index 07e63fb424..4961254d9a 100644 --- a/thirdparty/openssl/crypto/LPdir_win.c +++ b/thirdparty/openssl/crypto/LPdir_win.c @@ -94,8 +94,23 @@ const char *LP_find_file(LP_DIR_CTX **ctx, const char *directory) TCHAR *wdir = NULL; /* len_0 denotes string length *with* trailing 0 */ size_t index = 0, len_0 = strlen(extdir) + 1; - - wdir = (TCHAR *)calloc(len_0, sizeof(TCHAR)); + size_t amount; + + /* + * Size check + * The reasoning is that absolutely worst case, each byte in + * extdir will take up one TCHAR each, so the maximum size in + * bytes that we can tolerate is MAX_PATH TCHARs... not counting + * the ending NUL. + */ + if ((len_0 - 1) > MAX_PATH * sizeof(TCHAR)) { + free(*ctx); + *ctx = NULL; + errno = EINVAL; + return 0; + } + amount = len_0 * sizeof(TCHAR); + wdir = (TCHAR *)malloc(amount); if (wdir == NULL) { if (extdirbuf != NULL) { free(extdirbuf); |