diff options
| author | Rémi Verschelde | 2018-01-13 13:39:08 +0100 |
|---|---|---|
| committer | Rémi Verschelde | 2018-01-13 13:39:08 +0100 |
| commit | 00abb1f201cbe1e40c2eef30819be115d3d04d10 (patch) | |
| tree | 7eb36871dd7af02db7d2f59482644a56bc79d7bb /thirdparty/openssl/crypto/LPdir_win.c | |
| parent | de0b31edd5b36b8c8016b7ca50c1823f2efbfa74 (diff) | |
| download | godot-00abb1f201cbe1e40c2eef30819be115d3d04d10.tar.gz godot-00abb1f201cbe1e40c2eef30819be115d3d04d10.tar.zst godot-00abb1f201cbe1e40c2eef30819be115d3d04d10.zip | |
Diffstat (limited to 'thirdparty/openssl/crypto/LPdir_win.c')
| -rw-r--r-- | thirdparty/openssl/crypto/LPdir_win.c | 17 |
1 files changed, 16 insertions, 1 deletions
diff --git a/thirdparty/openssl/crypto/LPdir_win.c b/thirdparty/openssl/crypto/LPdir_win.c index 07e63fb42..4961254d9 100644 --- a/thirdparty/openssl/crypto/LPdir_win.c +++ b/thirdparty/openssl/crypto/LPdir_win.c @@ -94,8 +94,23 @@ const char *LP_find_file(LP_DIR_CTX **ctx, const char *directory) TCHAR *wdir = NULL; /* len_0 denotes string length *with* trailing 0 */ size_t index = 0, len_0 = strlen(extdir) + 1; + size_t amount; - wdir = (TCHAR *)calloc(len_0, sizeof(TCHAR)); + /* + * Size check + * The reasoning is that absolutely worst case, each byte in + * extdir will take up one TCHAR each, so the maximum size in + * bytes that we can tolerate is MAX_PATH TCHARs... not counting + * the ending NUL. + */ + if ((len_0 - 1) > MAX_PATH * sizeof(TCHAR)) { + free(*ctx); + *ctx = NULL; + errno = EINVAL; + return 0; + } + amount = len_0 * sizeof(TCHAR); + wdir = (TCHAR *)malloc(amount); if (wdir == NULL) { if (extdirbuf != NULL) { free(extdirbuf); |