From 051f541f20abb5757ec6fc40feab77aa992104e7 Mon Sep 17 00:00:00 2001
From: delphij <delphij@ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f>
Date: Wed, 29 Nov 2017 05:35:28 +0000
Subject: [PATCH] Avoid out-of-bounds read.

Security:	CVE-2017-3735
Security:	FreeBSD-SA-17:11.openssl
Obtained from:	OpenSSL https://github.com/openssl/openssl/pull/4276


git-svn-id: svn://svn.freebsd.org/base/stable/10@326357 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f
---
 crypto/openssl/crypto/x509v3/v3_addr.c | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

diff --git a/crypto/openssl/crypto/x509v3/v3_addr.c b/crypto/openssl/crypto/x509v3/v3_addr.c
index 1290dec9b..af080a04f 100644
--- a/crypto/openssl/crypto/x509v3/v3_addr.c
+++ b/crypto/openssl/crypto/x509v3/v3_addr.c
@@ -130,10 +130,12 @@ static int length_from_afi(const unsigned afi)
  */
 unsigned int v3_addr_get_afi(const IPAddressFamily *f)
 {
-    return ((f != NULL &&
-             f->addressFamily != NULL && f->addressFamily->data != NULL)
-            ? ((f->addressFamily->data[0] << 8) | (f->addressFamily->data[1]))
-            : 0);
+    if (f == NULL
+            || f->addressFamily == NULL
+            || f->addressFamily->data == NULL
+            || f->addressFamily->length < 2)
+        return 0;
+    return (f->addressFamily->data[0] << 8) | f->addressFamily->data[1];
 }
 
 /*
-- 
2.45.0