openssl/oct: improve bound check for len

Signed-off-by: Sergio Correia <[email protected]>
latchset · May 20, 2024 · 97f0d6a · 97f0d6a
1 parent efb5cfa
commit 97f0d6a
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/lib/openssl/oct.c b/lib/openssl/oct.c
@@ -45,7 +45,7 @@ jwk_make_execute(jose_cfg_t *cfg, json_t *jwk)
     if (json_unpack(jwk, "{s:I}", "bytes", &len) < 0)
         return false;
 
-    if (len > KEYMAX)
+    if (len <= 0 || len > KEYMAX)
         return false;
 
     if (RAND_bytes(key, len) <= 0)