diff options
Diffstat (limited to 'lib/x509/ocsp.c')
-rw-r--r-- | lib/x509/ocsp.c | 22 |
1 files changed, 17 insertions, 5 deletions
diff --git a/lib/x509/ocsp.c b/lib/x509/ocsp.c index 0c71a6e462..e750ac4724 100644 --- a/lib/x509/ocsp.c +++ b/lib/x509/ocsp.c @@ -38,6 +38,7 @@ #include <auth/cert.h> #include <assert.h> +#include "intprops.h" typedef struct gnutls_ocsp_req_int { ASN1_TYPE req; @@ -1905,9 +1906,13 @@ gnutls_ocsp_resp_get_certs(gnutls_ocsp_resp_const_t resp, goto error; } - tmpcerts2 = - gnutls_realloc_fast(tmpcerts, - (ctr + 2) * sizeof(*tmpcerts)); + if (unlikely(INT_ADD_OVERFLOW(ctr, 2))) { + ret = gnutls_assert_val(GNUTLS_E_MEMORY_ERROR); + goto error; + } + + tmpcerts2 = _gnutls_reallocarray_fast(tmpcerts, ctr + 2, + sizeof(*tmpcerts)); if (tmpcerts2 == NULL) { gnutls_assert(); ret = GNUTLS_E_MEMORY_ERROR; @@ -2458,7 +2463,14 @@ gnutls_ocsp_resp_list_import2(gnutls_ocsp_resp_t **ocsps, goto fail; } - new_ocsps = gnutls_realloc(*ocsps, (*size + 1)*sizeof(gnutls_ocsp_resp_t)); + if (unlikely(INT_ADD_OVERFLOW(*size, 1))) { + ret = gnutls_assert_val(GNUTLS_E_MEMORY_ERROR); + goto fail; + } + + new_ocsps = _gnutls_reallocarray(*ocsps, + *size + 1, + sizeof(gnutls_ocsp_resp_t)); if (new_ocsps == NULL) { resp = NULL; gnutls_assert(); @@ -2492,7 +2504,7 @@ gnutls_ocsp_resp_list_import2(gnutls_ocsp_resp_t **ocsps, goto cleanup; } - *ocsps = gnutls_malloc(1*sizeof(gnutls_ocsp_resp_t)); + *ocsps = gnutls_malloc(sizeof(gnutls_ocsp_resp_t)); if (*ocsps == NULL) { gnutls_assert(); ret = GNUTLS_E_MEMORY_ERROR; |