Commit 657197e6541df32ffa3a093f85b7810ebd6ff566

Patrick Steinhardt 2019-01-23T15:54:05

openssl: fix potential size overflow when writing data

Our `openssl_write` function calls `SSL_write` by passing in both `data` and `len` arguments directly. Thing is, our `len` parameter is of type `size_t` and theirs is of type `int`. We thus need to clamp our length to be at most `INT_MAX`.

diff --git a/src/streams/openssl.c b/src/streams/openssl.c
index 354e0f8..fe5f79c 100644
--- a/src/streams/openssl.c
+++ b/src/streams/openssl.c
@@ -649,9 +649,8 @@ static ssize_t openssl_write(git_stream *stream, const char *data, size_t data_l
 
 	GIT_UNUSED(flags);
 
-	if ((ret = SSL_write(st->ssl, data, len)) <= 0) {
+	if ((ret = SSL_write(st->ssl, data, len)) <= 0)
 		return ssl_set_error(st->ssl, ret);
-	}
 
 	return ret;
 }
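
Review bot: The `SSL_write(st->ssl, data, len)` call in this hunk is passed `len` exactly as before, and the only visible edits are the removed braces, so the clamp to `INT_MAX` described in the commit message cannot be checked from these lines. The hunk header shows the size parameter now starting with `data_l` (truncated) while the call still uses `len`, so please confirm that `len` is a local `int` assigned from the `size_t` parameter with an upper bound of `INT_MAX` before this call, rather than an implicit `size_t` to `int` conversion at the call site. Since a clamped write can return fewer bytes than the caller asked for, a short comment above `return ret;` stating that partial writes are possible would help callers that assume the whole buffer was sent.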