From 35e264c03232c7843733caa80f8e16bef7e2e829 Mon Sep 17 00:00:00 2001
From: Pauli <paul.dale@oracle.com>
Date: Sun, 14 Jul 2019 17:55:15 +1000
Subject: Coverity #1451596: check dirlen for being negative

Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/9362)
---
 crypto/asn1/bio_ndef.c | 2 ++
 1 file changed, 2 insertions(+)

(limited to 'crypto/asn1')

diff --git a/crypto/asn1/bio_ndef.c b/crypto/asn1/bio_ndef.c
index d3be967f04..db9bbba940 100644
--- a/crypto/asn1/bio_ndef.c
+++ b/crypto/asn1/bio_ndef.c
@@ -184,6 +184,8 @@ static int ndef_suffix(BIO *b, unsigned char **pbuf, int *plen, void *parg)
         return 0;
 
     derlen = ASN1_item_ndef_i2d(ndef_aux->val, NULL, ndef_aux->it);
+    if (derlen < 0)
+        return 0;
     if ((p = OPENSSL_malloc(derlen)) == NULL) {
         ASN1err(ASN1_F_NDEF_SUFFIX, ERR_R_MALLOC_FAILURE);
         return 0;
-- 
cgit v1.2.1