From d29f8b460c9d4b5609c2330d97ecf9ffec210453 Mon Sep 17 00:00:00 2001 From: Jay Satiro Date: Wed, 25 Mar 2015 02:37:20 -0400 Subject: cyassl: Check for invalid length parameter in Curl_cyassl_random --- lib/vtls/cyassl.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/lib/vtls/cyassl.c b/lib/vtls/cyassl.c index 090270a08..72e1792df 100644 --- a/lib/vtls/cyassl.c +++ b/lib/vtls/cyassl.c @@ -640,7 +640,9 @@ int Curl_cyassl_random(struct SessionHandle *data, (void)data; if(InitRng(&rng)) return 1; - if(RNG_GenerateBlock(&rng, entropy, length)) + if(length > UINT_MAX) + return 1; + if(RNG_GenerateBlock(&rng, entropy, (unsigned)length)) return 1; return 0; } -- cgit v1.2.3