Security-57031.30.12.tar.gz

[apple/security.git] / libsecurity_smime / lib / cmsutil.c

diff --git a/libsecurity_smime/lib/cmsutil.c b/libsecurity_smime/lib/cmsutil.c
index 31117217d6b04acbe2d099471e25d4b0ece60ff9..10faaea2a52154c3d84b9bd484352dc65bbde9bc 100644 (file)
--- a/libsecurity_smime/lib/cmsutil.c
+++ b/libsecurity_smime/lib/cmsutil.c
@@ -91,6 +91,10 @@ SecCmsArraySortByDER(void **objs, const SecAsn1Template *objtemplate, void **obj
      * Allocate arrays to hold the individual encodings which we will use
      * for comparisons and the reordered attributes as they are sorted.
      */
+    // Security check to prevent under-allocation
+    if (num_objs<0 || num_objs>=(int)((INT_MAX/sizeof(SecAsn1Item *))-1)) {
+        goto loser;
+    }
     enc_objs = (SecAsn1Item **)PORT_ArenaZAlloc(poolp, (num_objs + 1) * sizeof(SecAsn1Item *));
     if (enc_objs == NULL)
        goto loser;