Blame SOURCES/openssl-1.0.2k-cve-2017-3735.patch

7779df
diff -up openssl-1.0.2k/crypto/x509v3/v3_addr.c.overread openssl-1.0.2k/crypto/x509v3/v3_addr.c
7779df
--- openssl-1.0.2k/crypto/x509v3/v3_addr.c.overread	2017-01-26 14:22:04.000000000 +0100
7779df
+++ openssl-1.0.2k/crypto/x509v3/v3_addr.c	2018-06-18 13:49:30.001625137 +0200
7779df
@@ -130,10 +130,12 @@ static int length_from_afi(const unsigne
7779df
  */
7779df
 unsigned int v3_addr_get_afi(const IPAddressFamily *f)
7779df
 {
7779df
-    return ((f != NULL &&
7779df
-             f->addressFamily != NULL && f->addressFamily->data != NULL)
7779df
-            ? ((f->addressFamily->data[0] << 8) | (f->addressFamily->data[1]))
7779df
-            : 0);
7779df
+    if (f == NULL
7779df
+            || f->addressFamily == NULL
7779df
+            || f->addressFamily->data == NULL
7779df
+            || f->addressFamily->length < 2)
7779df
+        return 0;
7779df
+    return (f->addressFamily->data[0] << 8) | f->addressFamily->data[1];
7779df
 }
7779df
 
7779df
 /*