From fed2dc71994092c34c7baa1717af012454d13c56 Mon Sep 17 00:00:00 2001
From: Sergio Correia
Date: Wed, 22 May 2024 10:10:38 +0100
Subject: [PATCH] openssl/oct: improve bound check for len (#162)

Signed-off-by: Sergio Correia
---
 lib/openssl/oct.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/openssl/oct.c b/lib/openssl/oct.c
index df4f0907..ef76b4ef 100644
--- a/lib/openssl/oct.c
+++ b/lib/openssl/oct.c
@@ -45,7 +45,7 @@ jwk_make_execute(jose_cfg_t *cfg, json_t *jwk)
 if (json_unpack(jwk, "{s:I}", "bytes", &len) < 0)
 return false;
- if (len > KEYMAX)
+ if (len <= 0 || len > KEYMAX)
 return false;
 if (RAND_bytes(key, len) <= 0)
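Review bot: The new guard `if (len <= 0 || len > KEYMAX)` carries no comment explaining why non-positive values are rejected, and the reason is easy to lose: `len` is read straight from the caller-supplied JWK by `json_unpack` with the `I` format and then passed to `RAND_bytes`, whose length parameter is an `int`. I would add above the check `/* "bytes" is untrusted input: reject zero, negative and oversized lengths before they reach RAND_bytes() and the key buffer */`. The declarations of `len`, `key` and `KEYMAX` are outside the hunk, so it is worth confirming that `len` is a `json_int_t` (the type `I` writes) and that `key` holds at least `KEYMAX` bytes, since the check is only as good as those two facts. The body of `jwk_make_execute` starts before and continues after the hunk, so any later use of `len` as a size should be checked against the same bound.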