diff options
Diffstat (limited to 'lib/x509/pkcs12.c')
-rw-r--r-- | lib/x509/pkcs12.c | 25 |
1 files changed, 16 insertions, 9 deletions
diff --git a/lib/x509/pkcs12.c b/lib/x509/pkcs12.c index 2dc0823905..965de6fe02 100644 --- a/lib/x509/pkcs12.c +++ b/lib/x509/pkcs12.c @@ -37,6 +37,7 @@ #include "x509_int.h" #include "pkcs7_int.h" #include <random.h> +#include "intprops.h" /* Decodes the PKCS #12 auth_safe, and returns the allocated raw data, @@ -1455,10 +1456,13 @@ static int make_chain(gnutls_x509_crt_t ** chain, unsigned int *chain_len, != 0) goto skip; - *chain = - gnutls_realloc_fast(*chain, - sizeof((*chain)[0]) * - ++(*chain_len)); + if (unlikely(INT_ADD_OVERFLOW(*chain_len, 1))) { + return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR); + } + + *chain = _gnutls_reallocarray_fast(*chain, + ++(*chain_len), + sizeof((*chain)[0])); if (*chain == NULL) { gnutls_assert(); return GNUTLS_E_MEMORY_ERROR; @@ -1778,12 +1782,15 @@ gnutls_pkcs12_simple_parse(gnutls_pkcs12_t p12, } if (memcmp(cert_id, key_id, cert_id_size) != 0) { /* they don't match - skip the certificate */ + if (unlikely(INT_ADD_OVERFLOW(_extra_certs_len, 1))) { + ret = gnutls_assert_val(GNUTLS_E_MEMORY_ERROR); + goto done; + } + _extra_certs = - gnutls_realloc_fast - (_extra_certs, - sizeof(_extra_certs - [0]) * - ++_extra_certs_len); + _gnutls_reallocarray_fast(_extra_certs, + ++_extra_certs_len, + sizeof(_extra_certs[0])); if (!_extra_certs) { gnutls_assert(); ret = |