openssl: fix potential size overflow when writing data

pks-t · ethomson · commit 657197e6541d · 2019-01-31T13:47:42.000Z
Our `openssl_write` function calls `SSL_write` by passing in both `data`
and `len` arguments directly. Thing is, our `len` parameter is of type
`size_t` and theirs is of type `int`. We thus need to clamp our length
to be at most `INT_MAX`.
diff --git a/src/streams/openssl.c b/src/streams/openssl.c
@@ -649,9 +649,8 @@ static ssize_t openssl_write(git_stream *stream, const char *data, size_t data_l
 
 	GIT_UNUSED(flags);
 
-	if ((ret = SSL_write(st->ssl, data, len)) <= 0) {
+	if ((ret = SSL_write(st->ssl, data, len)) <= 0)
 		return ssl_set_error(st->ssl, ret);
-	}
 
 	return ret;
 }

Original file line number	Diff line number	Diff line change
`@@ -649,9 +649,8 @@ static ssize_t openssl_write(git_stream stream, const char data, size_t data_l`
`649`	`649`
`650`	`650`	`GIT_UNUSED(flags);`
`651`	`651`
`652`		`- if ((ret = SSL_write(st->ssl, data, len)) <= 0) {`
	`652`	`+ if ((ret = SSL_write(st->ssl, data, len)) <= 0)`
`653`	`653`	`return ssl_set_error(st->ssl, ret);`
`654`		`- }`
`655`	`654`
`656`	`655`	`return ret;`
`657`	`656`	`}`