From eb92844be4d4eb01ae4d95dcadae3ab6133377c5 Mon Sep 17 00:00:00 2001
From: doug <doug@openbsd.org>
Date: Wed, 29 Apr 2015 01:23:20 +0000
Subject: [PATCH] Added error checking for len argument in cbs_get_u().

tweak + ok jsing@
---
 lib/libssl/bs_cbs.c         | 5 ++++-
 lib/libssl/src/ssl/bs_cbs.c | 5 ++++-
 2 files changed, 8 insertions(+), 2 deletions(-)

diff --git a/lib/libssl/bs_cbs.c b/lib/libssl/bs_cbs.c
index 25305b9edd2..fc2eafff0eb 100644
--- a/lib/libssl/bs_cbs.c
+++ b/lib/libssl/bs_cbs.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: bs_cbs.c,v 1.4 2015/04/29 01:16:06 doug Exp $	*/
+/*	$OpenBSD: bs_cbs.c,v 1.5 2015/04/29 01:23:20 doug Exp $	*/
 /*
  * Copyright (c) 2014, Google Inc.
  *
@@ -110,6 +110,9 @@ cbs_get_u(CBS *cbs, uint32_t *out, size_t len)
 	size_t i;
 	const uint8_t *data;
 
+	if (len < 1 || len > 4)
+		return 0;
+
 	if (!cbs_get(cbs, &data, len))
 		return 0;
 
diff --git a/lib/libssl/src/ssl/bs_cbs.c b/lib/libssl/src/ssl/bs_cbs.c
index 25305b9edd2..fc2eafff0eb 100644
--- a/lib/libssl/src/ssl/bs_cbs.c
+++ b/lib/libssl/src/ssl/bs_cbs.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: bs_cbs.c,v 1.4 2015/04/29 01:16:06 doug Exp $	*/
+/*	$OpenBSD: bs_cbs.c,v 1.5 2015/04/29 01:23:20 doug Exp $	*/
 /*
  * Copyright (c) 2014, Google Inc.
  *
@@ -110,6 +110,9 @@ cbs_get_u(CBS *cbs, uint32_t *out, size_t len)
 	size_t i;
 	const uint8_t *data;
 
+	if (len < 1 || len > 4)
+		return 0;
+
 	if (!cbs_get(cbs, &data, len))
 		return 0;
 
-- 
2.20.1