The branch OpenSSL_1_0_2-stable has been updated via 8f43c80bfac15544820739bf035df946eeb603e8 (commit) from 0ca67644ddedfd656d43a6639d89a6236ff64652 (commit)
- Log ----------------------------------------------------------------- commit 8f43c80bfac15544820739bf035df946eeb603e8 Author: Matt Caswell <m...@openssl.org> Date: Mon Apr 25 16:05:55 2016 +0100 Ensure we check i2d_X509 return val The i2d_X509() function can return a negative value on error. Therefore we should make sure we check it. Issue reported by Yuan Jochen Kang. Reviewed-by: Emilia Käsper <emi...@openssl.org> (cherry picked from commit 446ba8de9af9aa4fa3debc7c76a38f4efed47a62) ----------------------------------------------------------------------- Summary of changes: crypto/asn1/x_x509.c | 15 ++++++++++++--- ssl/ssl_cert.c | 9 +++++++-- 2 files changed, 19 insertions(+), 5 deletions(-) diff --git a/crypto/asn1/x_x509.c b/crypto/asn1/x_x509.c index e2cac83..ccdf6df 100644 --- a/crypto/asn1/x_x509.c +++ b/crypto/asn1/x_x509.c @@ -201,10 +201,19 @@ X509 *d2i_X509_AUX(X509 **a, const unsigned char **pp, long length) int i2d_X509_AUX(X509 *a, unsigned char **pp) { - int length; + int length, tmplen; + unsigned char *start = *pp; length = i2d_X509(a, pp); - if (a) - length += i2d_X509_CERT_AUX(a->aux, pp); + if (length < 0 || a == NULL) + return length; + + tmplen = i2d_X509_CERT_AUX(a->aux, pp); + if (tmplen < 0) { + *pp = start; + return tmplen; + } + length += tmplen; + return length; } diff --git a/ssl/ssl_cert.c b/ssl/ssl_cert.c index acc5361..f48ebae 100644 --- a/ssl/ssl_cert.c +++ b/ssl/ssl_cert.c 
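Review bot: In the crypto/asn1/x_x509.c hunk, the new initializer `unsigned char *start = *pp;` dereferences `pp` before anything checks it. A length-only call with `pp == NULL` (the pattern the ssl/ssl_cert.c hunk uses with `i2d_X509(x, NULL)`) would then fault inside i2d_X509_AUX, assuming it is meant to accept NULL like the other i2d functions. Capturing the pointer conditionally, `unsigned char *start = pp != NULL ? *pp : NULL;`, and rewinding only when something was captured, `if (start != NULL) *pp = start;`, keeps the new error handling without that regression. A short comment stating that `*pp` is rewound so a failed aux encoding does not leave the caller's pointer past a partial write would also document the intent.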
@@ -1059,13 +1059,18 @@ static int ssl_add_cert_to_buf(BUF_MEM *buf, unsigned long *l, X509 *x)
 unsigned char *p;
 n = i2d_X509(x, NULL);
- if (!BUF_MEM_grow_clean(buf, (int)(n + (*l) + 3))) {
+ if (n < 0 || !BUF_MEM_grow_clean(buf, (int)(n + (*l) + 3))) {
 SSLerr(SSL_F_SSL_ADD_CERT_TO_BUF, ERR_R_BUF_LIB);
 return 0;
 }
 p = (unsigned char *)&(buf->data[*l]);
 l2n3(n, p);
- i2d_X509(x, &p);
+ n = i2d_X509(x, &p);
+ if (n < 0) {
+ /* Shouldn't happen */
+ SSLerr(SSL_F_SSL_ADD_CERT_TO_BUF, ERR_R_BUF_LIB);
+ return 0;
+ }
 *l += n + 3;
 return 1;
_____ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
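Review bot: In ssl_add_cert_to_buf, the second `i2d_X509(x, &p)` result overwrites `n` and is only checked for `< 0`, although the 3-byte prefix was already written by `l2n3(n, p)` from the sizing call. If the two calls ever returned different non-negative lengths, the prefix, the bytes written and the `*l += n + 3` advance would disagree, and the buffer was grown only for the first value. Keeping the second result in its own variable and failing on a mismatch, e.g. `len = i2d_X509(x, &p); if (len != n) { ... return 0; }`, would make the "Shouldn't happen" case cover that as well. Both failure paths also raise `ERR_R_BUF_LIB`, so an encoding failure is reported as a buffer failure; `ERR_R_ASN1_LIB` would be more accurate for the i2d cases. The function body starts and ends outside the hunk.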