From 3e37a7f745e6a91238742fe180bfba738d60624a Mon Sep 17 00:00:00 2001
From: nobu
Date: Tue, 24 Dec 2013 16:44:49 +0000
Subject: ossl.c: integer overflow
* ext/openssl/ossl.c (string2hex): fix signed integer overflow. [ruby-core:51711] [Bug #7744] [Fixes GH-242]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@44395 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
---
 ext/openssl/ossl.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)
(limited to 'ext/openssl/ossl.c')
diff --git a/ext/openssl/ossl.c b/ext/openssl/ossl.c
index 43ccf4c3fd..689f21ae0f 100644
--- a/ext/openssl/ossl.c
+++ b/ext/openssl/ossl.c
@@ -18,11 +18,12 @@ int string2hex(const unsigned char *buf, int buf_len, char **hexbuf, int *hexbuf_len)
 {
 static const char hex[]="0123456789abcdef";
- int i, len = 2 * buf_len;
+ int i, len;
- if (buf_len < 0 || len < buf_len) { /* PARANOIA? */
+ if (buf_len < 0 || buf_len > INT_MAX / 2) { /* PARANOIA? */
 return -1;
 }
+ len = 2 * buf_len;
 if (!hexbuf) { /* if no buf, return calculated len */
 if (hexbuf_len) {
 *hexbuf_len = len;
--
cgit v1.2.3
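Review bot: The `/* PARANOIA? */` comment kept on the new guard undersells it: `buf_len > INT_MAX / 2` is what keeps `2 * buf_len` from overflowing a signed int, whereas the removed `len < buf_len` test ran after the multiplication and so depended on undefined behaviour that a compiler may optimise away. I would replace the comment with `/* reject lengths whose doubling would overflow int */` so the check is not later deleted as dead paranoia. `INT_MAX` needs `<limits.h>` and the hunk adds no include, so it is worth confirming the header is already reachable from this file. string2hex continues past the end of the hunk, so how `len` is used afterwards is not visible here; with this bound `len` is at most `INT_MAX - 1`, which leaves room for a single `+ 1` but nothing more.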