cyassl: Check for invalid length parameter in Curl_cyassl_random

author Jay Satiro <raysatiro@yahoo.com>

Wed, 25 Mar 2015 06:37:20 +0000 (02:37 -0400)

committer Daniel Stenberg <daniel@haxx.se>

Wed, 25 Mar 2015 07:08:12 +0000 (08:08 +0100)
author Jay Satiro <raysatiro@yahoo.com>
Wed, 25 Mar 2015 06:37:20 +0000 (02:37 -0400)
committer Daniel Stenberg <daniel@haxx.se>
Wed, 25 Mar 2015 07:08:12 +0000 (08:08 +0100)
diff --git a/lib/vtls/cyassl.c b/lib/vtls/cyassl.c

index 090270a084111a33b97d13e2258f7947018654da..72e1792df0bd5c497faae0b85c54e5450ae95dbe 100644 (file)
--- a/lib/vtls/cyassl.c
+++ b/lib/vtls/cyassl.c
@@ -640,7 +640,9 @@ int Curl_cyassl_random(struct SessionHandle *data,
    (void)data;
    if(InitRng(&rng))
      return 1;
-  if(RNG_GenerateBlock(&rng, entropy, length))
+  if(length > UINT_MAX)
+    return 1;
+  if(RNG_GenerateBlock(&rng, entropy, (unsigned)length))
      return 1;
    return 0;
  }
author	Jay Satiro <raysatiro@yahoo.com>
	Wed, 25 Mar 2015 06:37:20 +0000 (02:37 -0400)
committer	Daniel Stenberg <daniel@haxx.se>
	Wed, 25 Mar 2015 07:08:12 +0000 (08:08 +0100)