From 193d39d9b78a9e3c0c257b2e1e9f9dd4a7a13349 Mon Sep 17 00:00:00 2001
From: Mattias Andrée
Date: Fri, 15 May 2026 20:53:25 +0200
Subject: Misc
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Signed-off-by: Mattias Andrée
---
 librecrypt_add_algorithm.c | 22 +++++++++++++++++++++-
 1 file changed, 21 insertions(+), 1 deletion(-)
(limited to 'librecrypt_add_algorithm.c')
diff --git a/librecrypt_add_algorithm.c b/librecrypt_add_algorithm.c
index 4c6520e..ad21ec4 100644
--- a/librecrypt_add_algorithm.c
+++ b/librecrypt_add_algorithm.c
@@ -62,6 +62,8 @@ librecrypt_add_algorithm(char *out_buffer, size_t size, const char *augend, cons
 r_int = snprintf(out_buffer, size + 1u, "*%zu", hashsize2);
 if (r_int < 2)
 abort(); /* $covered$ (impossible reliably) */
+ if (ret > SIZE_MAX - (size_t)r_int)
+ abort(); /* $covered$ (impossible) */
 ret += (size_t)r_int;
 } else {
 out_buffer[0u] = '\0';
@@ -79,11 +81,19 @@ librecrypt_add_algorithm(char *out_buffer, size_t size, const char *augend, cons
 r_int = snprintf(NULL, 0u, "*%zu", hashsize2);
 if (r_int < 2)
 abort(); /* $covered$ (impossible reliably) */
+ if (ret > SIZE_MAX - (size_t)r_int)
+ abort(); /* $covered$ (impossible) */
 ret += (size_t)r_int;
 out:
 if (nul_term)
 out_buffer[0u] = '\0';
 }
+ if (ret > (size_t)SSIZE_MAX) {
+ /* $covered{$ (manually) */
+ errno = EOVERFLOW;
+ return -1;
+ /* $covered}$ */
+ }
 return (ssize_t)ret;
 }
@@ -96,7 +106,9 @@ librecrypt_add_algorithm(char *out_buffer, size_t size, const char *augend, cons
 r_int = 0;
 }
- /* Measure `augent` and '>' in output */
+ /* Measure `augend` and '>' in output */
+ if (prefix1 > SIZE_MAX - 1u - (size_t)r_int)
+ abort(); /* $covered$ (impossible) */
 ret = prefix1 + (size_t)r_int + 1u;
 /* Decode the hash from base-64 to binary */
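Review bot: In the first hunk (`@@ -62,6 +62,8 @@`) the new guard calls `abort()` on a wrapped `ret`, while the `SSIZE_MAX` checks added further down in this commit report overflow with `errno = EOVERFLOW; return -1;`, and the `(impossible)` tag does not say why the sum cannot wrap. A short comment stating the bound would let a reader verify it, for example `/* ret and r_int are lengths of in-memory strings, so the sum cannot wrap */` if that is the actual reason. The same guard is repeated before `out:` in the second hunk and, in a slightly different form, in the third hunk, so the comment (or a small static helper that does the checked addition) belongs with all three. The function body starts and ends outside this hunk.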
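Review bot: In the second hunk (`@@ -79,11 +81,19 @@`) the `ret > (size_t)SSIZE_MAX` check sits after `out_buffer[0u] = '\0';`, so a caller that receives -1 with `EOVERFLOW` may already have had its buffer written to. The function's documentation, which is outside this hunk, should say so, e.g. `/* on EOVERFLOW the contents of out_buffer are unspecified */`; callers that treat the buffer as untouched on failure would otherwise be wrong. Whether the check could instead move ahead of the write depends on code not visible here.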
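Review bot: In the third hunk (`@@ -96,7 +106,9 @@`) the guard `prefix1 > SIZE_MAX - 1u - (size_t)r_int` is only meaningful while `r_int` is non-negative: with a negative value the cast produces a huge number, the subtraction wraps, and the guard can never fire. The visible context sets `r_int = 0` on one path; the other assignment is outside the hunk and is presumably validated like the `r_int < 2` tests elsewhere in the file. A one-line comment such as `/* r_int >= 0 here: either 0 or a checked snprintf result */` would record that precondition next to the arithmetic. The check added in the last hunk, `(size_t)(SSIZE_MAX - r)`, depends in the same way on `r >= 0`, which the error branch just above it appears to establish.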
@@ -160,6 +172,14 @@ librecrypt_add_algorithm(char *out_buffer, size_t size, const char *augend, cons
 abort(); /* $covered$ (impossible) */
 return -1;
 }
+ if (ret > (size_t)(SSIZE_MAX - r)) {
+ /* $covered{$ (manually) */
+ librecrypt_wipe(phrase, phraselen);
+ free(phrase);
+ errno = EOVERFLOW;
+ return -1;
+ /* $covered}$ */
+ }
 ret += (size_t)r;
 librecrypt_wipe(phrase, phraselen);
-- 
cgit v1.2.3-70-g09d2
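Review bot: The new `EOVERFLOW` branch carries its own copy of `librecrypt_wipe(phrase, phraselen); free(phrase);`, duplicating the cleanup that the normal path starts on the very next context line. `phrase` is wiped before it is freed, so it presumably holds secret material, and every further early return added after its allocation has to remember the same two calls. Routing both paths through one cleanup label with `goto` would keep the wipe in a single place; the function already uses a label (`out:`) elsewhere, so this fits its style. If the duplication stays, a comment on the branch such as `/* phrase must be wiped before every return */` would make the requirement explicit. The rest of the function, including the final `free`, is outside this hunk.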