Security-59754.80.3.tar.gz

[apple/security.git] / OSX / sec / Security / p12pbegen.c

diff --git a/OSX/sec/Security/p12pbegen.c b/OSX/sec/Security/p12pbegen.c
index 92c05be9184b8e6a4d513046383e8681b1127fb6..3f33e88843b91ee74c3d0ee49cc1dce2236a06ea 100644 (file)
--- a/OSX/sec/Security/p12pbegen.c
+++ b/OSX/sec/Security/p12pbegen.c
@@ -31,6 +31,8 @@
 
 #include "p12pbegen.h"
 
+#include <security_utilities/simulatecrash_assert.h>
+
 static uint8_t *concatenate_to_blocksize(const uint8_t *data, size_t data_length, 
     size_t blocksize, size_t *blocklength)
 {
@@ -152,13 +154,25 @@ int p12_pbe_gen(CFStringRef passphrase, uint8_t *salt_ptr, size_t salt_length,
         /* tmp1 = B+1 */
 
         const cc_size tmp_n = ccn_nof_size(A_i_len + 1) > ccn_nof_size(hash_blocksize) ? ccn_nof_size(A_i_len + 1) : ccn_nof_size(hash_blocksize);
-        cc_unit tmp1[tmp_n];
+        cc_unit *tmp1 = (cc_unit *)malloc(tmp_n * sizeof(cc_unit));
+        if (!tmp1) {
+            free(A_i);
+            free(I_data);
+            free(temp_buf);
+            return -1;
+        }
         ccn_read_uint(tmp_n, tmp1, A_i_len, A_i);
         ccn_add1(tmp_n, tmp1, tmp1, 1);
 
         free(A_i);
 
-        cc_unit tmp2[tmp_n];
+        cc_unit *tmp2 = (cc_unit *)malloc(tmp_n * sizeof(cc_unit));
+        if (!tmp2) {
+            free(I_data);
+            free(temp_buf);
+            free(tmp1);
+            return -1;
+        }
         unsigned int j;
         for (j = 0; j < I_length; j+=hash_blocksize) {
             /* tempg = I[j];  */
@@ -182,6 +196,8 @@ int p12_pbe_gen(CFStringRef passphrase, uint8_t *salt_ptr, size_t salt_length,
         }
 
         cursor += hash_outputsize;
+        free(tmp1);
+        free(tmp2);
     }
 
     /*