From c341e85b1c49fd0dce2dc809cc6c4a63b8d853f4 Mon Sep 17 00:00:00 2001
From: nobu <nobu@b2dd03c8-39d4-4d8f-98ff-823fe69b080e>
Date: Wed, 10 Jul 2013 02:19:47 +0000
Subject: [PATCH] ossl.c: check integer overflow

* ext/openssl/ossl.c (Init_ossl_locks): check integer overflow.
  OPENSSL_malloc() takes int only.

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@41879 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
---
 ext/openssl/ossl.c | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/ext/openssl/ossl.c b/ext/openssl/ossl.c
index f86a3eee27..e052a2ce09 100644
--- a/ext/openssl/ossl.c
+++ b/ext/openssl/ossl.c
@@ -480,9 +480,13 @@ static unsigned long ossl_thread_id(void)
 static void Init_ossl_locks(void)
 {
     int i;
+    int num_locks = CRYPTO_num_locks();
 
-    ossl_locks = (VALUE*) OPENSSL_malloc(CRYPTO_num_locks() * sizeof(VALUE));
-    for (i = 0; i < CRYPTO_num_locks(); i++) {
+    if ((unsigned)num_locks >= INT_MAX / (int)sizeof(VALUE)) {
+	rb_raise(rb_eRuntimeError, "CRYPTO_num_locks() is too big: %d", num_locks);
+    }
+    ossl_locks = (VALUE*) OPENSSL_malloc(num_locks * (int)sizeof(VALUE));
+    for (i = 0; i < num_locks; i++) {
 	ossl_locks[i] = rb_mutex_new();
 	rb_global_variable(&(ossl_locks[i]));
     }