Fix an issue that might possibly turn into a DOS depending on

how application software uses the API function BIO_indent(3):

If the caller asks for some output, but not more than some negative
number of bytes, give them zero bytes of output rather than drowning
them in nearly INT_MAX bytes.

OK tb@

diff --git a/lib/libcrypto/bio/bio_lib.c b/lib/libcrypto/bio/bio_lib.c
index 05f0258..85eb0f0 100644 (file)
--- a/lib/libcrypto/bio/bio_lib.c
+++ b/lib/libcrypto/bio/bio_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: bio_lib.c,v 1.30 2021/10/24 13:46:56 tb Exp $ */
+/* $OpenBSD: bio_lib.c,v 1.31 2021/12/09 15:28:58 schwarze Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -391,10 +391,10 @@ BIO_gets(BIO *b, char *in, int inl)
 int
 BIO_indent(BIO *b, int indent, int max)
 {
-       if (indent < 0)
-               indent = 0;
        if (indent > max)
                indent = max;
+       if (indent < 0)
+               indent = 0;
        while (indent--)
                if (BIO_puts(b, " ") != 1)
                        return 0;