Security-57031.30.12.tar.gz

[apple/security.git] / Security / libsecurity_smime / lib / cmsutil.c

diff --git a/Security/libsecurity_smime/lib/cmsutil.c b/Security/libsecurity_smime/lib/cmsutil.c
index 020460cf61815096733b0440b71a87789b0e4c36..73587d852ada556fde4d1115daed7fc1a2180847 100644 (file)
--- a/Security/libsecurity_smime/lib/cmsutil.c
+++ b/Security/libsecurity_smime/lib/cmsutil.c
@@ -81,6 +81,10 @@ SecCmsArraySortByDER(void **objs, const SecAsn1Template *objtemplate, void **obj
      * Allocate arrays to hold the individual encodings which we will use
      * for comparisons and the reordered attributes as they are sorted.
      */
+    // Security check to prevent under-allocation
+    if (num_objs<0 || num_objs>=(int)((INT_MAX/sizeof(CSSM_DATA_PTR))-1)) {
+        goto loser;
+    }
     enc_objs = (CSSM_DATA_PTR *)PORT_ArenaZAlloc(poolp, (num_objs + 1) * sizeof(CSSM_DATA_PTR));
     if (enc_objs == NULL)
        goto loser;