diff options
Diffstat (limited to 'thirdparty/openssl/crypto/LPdir_win.c')
| -rw-r--r-- | thirdparty/openssl/crypto/LPdir_win.c | 19 |
1 files changed, 17 insertions, 2 deletions
diff --git a/thirdparty/openssl/crypto/LPdir_win.c b/thirdparty/openssl/crypto/LPdir_win.c index 07e63fb424..4961254d9a 100644 --- a/thirdparty/openssl/crypto/LPdir_win.c +++ b/thirdparty/openssl/crypto/LPdir_win.c @@ -94,8 +94,23 @@ const char *LP_find_file(LP_DIR_CTX **ctx, const char *directory) TCHAR *wdir = NULL; /* len_0 denotes string length *with* trailing 0 */ size_t index = 0, len_0 = strlen(extdir) + 1; - - wdir = (TCHAR *)calloc(len_0, sizeof(TCHAR)); + size_t amount; + + /* + * Size check + * The reasoning is that absolutely worst case, each byte in + * extdir will take up one TCHAR each, so the maximum size in + * bytes that we can tolerate is MAX_PATH TCHARs... not counting + * the ending NUL. + */ + if ((len_0 - 1) > MAX_PATH * sizeof(TCHAR)) { + free(*ctx); + *ctx = NULL; + errno = EINVAL; + return 0; + } + amount = len_0 * sizeof(TCHAR); + wdir = (TCHAR *)malloc(amount); if (wdir == NULL) { if (extdirbuf != NULL) { free(extdirbuf); |