[openssl-commits] [openssl] OpenSSL_1_0_2-stable update
Matt Caswell
matt at openssl.org
Tue Apr 26 13:42:14 UTC 2016
The branch OpenSSL_1_0_2-stable has been updated
via 8f43c80bfac15544820739bf035df946eeb603e8 (commit)
from 0ca67644ddedfd656d43a6639d89a6236ff64652 (commit)
- Log -----------------------------------------------------------------
commit 8f43c80bfac15544820739bf035df946eeb603e8
Author: Matt Caswell <matt at openssl.org>
Date: Mon Apr 25 16:05:55 2016 +0100
Ensure we check i2d_X509 return val
The i2d_X509() function can return a negative value on error. Therefore
we should make sure we check it.
Issue reported by Yuan Jochen Kang.
Reviewed-by: Emilia Käsper <emilia at openssl.org>
(cherry picked from commit 446ba8de9af9aa4fa3debc7c76a38f4efed47a62)
-----------------------------------------------------------------------
Summary of changes:
crypto/asn1/x_x509.c | 15 ++++++++++++---
ssl/ssl_cert.c | 9 +++++++--
2 files changed, 19 insertions(+), 5 deletions(-)
diff --git a/crypto/asn1/x_x509.c b/crypto/asn1/x_x509.c
index e2cac83..ccdf6df 100644
--- a/crypto/asn1/x_x509.c
+++ b/crypto/asn1/x_x509.c
@@ -201,10 +201,19 @@ X509 *d2i_X509_AUX(X509 **a, const unsigned char **pp, long length)
int i2d_X509_AUX(X509 *a, unsigned char **pp)
{
- int length;
+ int length, tmplen;
+ unsigned char *start = *pp;
length = i2d_X509(a, pp);
- if (a)
- length += i2d_X509_CERT_AUX(a->aux, pp);
+ if (length < 0 || a == NULL)
+ return length;
+
+ tmplen = i2d_X509_CERT_AUX(a->aux, pp);
+ if (tmplen < 0) {
+ *pp = start;
+ return tmplen;
+ }
+ length += tmplen;
+
return length;
}
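Review bot: The new initialiser `unsigned char *start = *pp;` dereferences pp unconditionally, but the i2d convention allows a NULL output pointer for length-only calls (the ssl_cert.c hunk in this same commit calls `i2d_X509(x, NULL)` that way), so a length query through i2d_X509_AUX would now be a NULL dereference. Guard both uses: `unsigned char *start = pp != NULL ? *pp : NULL;` and, in the error path, `if (start != NULL) *pp = start;`. Whether any caller passes NULL here is not visible from the hunk, but the previous code never dereferenced pp itself. A short comment above the restore, such as `/* undo the partial encoding so the caller's pointer is unchanged on error */`, would also record why *pp is reset.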
diff --git a/ssl/ssl_cert.c b/ssl/ssl_cert.c
index acc5361..f48ebae 100644
--- a/ssl/ssl_cert.c
+++ b/ssl/ssl_cert.c
@@ -1059,13 +1059,18 @@ static int ssl_add_cert_to_buf(BUF_MEM *buf, unsigned long *l, X509 *x)
unsigned char *p;
n = i2d_X509(x, NULL);
- if (!BUF_MEM_grow_clean(buf, (int)(n + (*l) + 3))) {
+ if (n < 0 || !BUF_MEM_grow_clean(buf, (int)(n + (*l) + 3))) {
SSLerr(SSL_F_SSL_ADD_CERT_TO_BUF, ERR_R_BUF_LIB);
return 0;
}
p = (unsigned char *)&(buf->data[*l]);
l2n3(n, p);
- i2d_X509(x, &p);
+ n = i2d_X509(x, &p);
+ if (n < 0) {
+ /* Shouldn't happen */
+ SSLerr(SSL_F_SSL_ADD_CERT_TO_BUF, ERR_R_BUF_LIB);
+ return 0;
+ }
*l += n + 3;
return 1;
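Review bot: After the second `i2d_X509(x, &p)` only `n < 0` is checked, yet the 3-byte length prefix written by `l2n3(n, p)` and the size passed to BUF_MEM_grow_clean both come from the first call. If the second result differed from the first, the prefix and `*l` would disagree, and a larger second encoding would have been written past the space that was grown. Keeping the first length and comparing is stricter, for example `len = i2d_X509(x, &p);` followed by `if (len != n) {`, with `len` a new local int. Both values should match for an unmodified certificate, so this is a defensive check rather than a known failure. The function begins and ends outside the hunk, so the declaration of n is not visible here.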