X-Git-Url: https://git.saurik.com/apple/security.git/blobdiff_plain/d87e115847b84cc1c3a1ef198a20181cd85b5309..60c433a9f80a92b51b33f65f1f58883e8fe843be:/Security/libsecurity_smime/lib/cmsutil.c

diff --git a/Security/libsecurity_smime/lib/cmsutil.c b/Security/libsecurity_smime/lib/cmsutil.c
index 020460cf..73587d85 100644
--- a/Security/libsecurity_smime/lib/cmsutil.c
+++ b/Security/libsecurity_smime/lib/cmsutil.c
@@ -81,6 +81,10 @@ SecCmsArraySortByDER(void **objs, const SecAsn1Template *objtemplate, void **obj
      * Allocate arrays to hold the individual encodings which we will use
      * for comparisons and the reordered attributes as they are sorted.
      */
+    // Security check to prevent under-allocation
+    if (num_objs<0 || num_objs>=(int)((INT_MAX/sizeof(CSSM_DATA_PTR))-1)) {
+        goto loser;
+    }
     enc_objs = (CSSM_DATA_PTR *)PORT_ArenaZAlloc(poolp, (num_objs + 1) * sizeof(CSSM_DATA_PTR));
     if (enc_objs == NULL)
 	goto loser;