Commit 0971432f authored by Richard Levitte's avatar Richard Levitte
Browse files

i2d_ASN1_OBJECT(): allocate memory if the user didn't provide a buffer 



Since 0.9.7, all i2d_ functions were documented to allocate an output
buffer if the user didn't provide one, under these conditions (from
the 1.0.2 documentation):

    For OpenSSL 0.9.7 and later if B<*out> is B<NULL> memory will be
    allocated for a buffer and the encoded data written to it. In this
    case B<*out> is not incremented and it points to the start of the
    data just written.

i2d_ASN1_OBJECT was found not to do this, and would crash if a NULL
output buffer was provided.

Fixes #6914

Reviewed-by: default avatarMatthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/6918)

(cherry picked from commit 61140415)
parent ec3f996b

crypto/asn1/a_object.c

+16 −5
Original line number Diff line number Diff line
@@ -66,7 +66,7 @@ 


int i2d_ASN1_OBJECT(ASN1_OBJECT *a, unsigned char **pp)

{

    unsigned char *p;

    unsigned char *p, *allocated = NULL;

    int objsize;



    if ((a == NULL) || (a->data == NULL))
@@ -76,13 +76,24 @@ int i2d_ASN1_OBJECT(ASN1_OBJECT *a, unsigned char **pp) 
    if (pp == NULL || objsize == -1)

        return objsize;



    if (*pp == NULL) {

        if ((p = allocated = OPENSSL_malloc(objsize)) == NULL) {

            ASN1err(ASN1_F_I2D_ASN1_OBJECT, ERR_R_MALLOC_FAILURE);

            return 0;

        }

    } else {

        p = *pp;

    }



    ASN1_put_object(&p, 0, a->length, V_ASN1_OBJECT, V_ASN1_UNIVERSAL);

    memcpy(p, a->data, a->length);

    p += a->length;



    *pp = p;

    return (objsize);

    /*

     * If a new buffer was allocated, just return it back.

     * If not, return the incremented buffer pointer.

     */

    *pp = allocated != NULL ? allocated : p + a->length;

    return objsize;

}



int a2d_ASN1_OBJECT(unsigned char *out, int olen, const char *buf, int num)

crypto/asn1/asn1.h

+1 −0
Original line number Diff line number Diff line
@@ -1267,6 +1267,7 @@ void ERR_load_ASN1_strings(void); 
# define ASN1_F_D2I_X509_PKEY                             159

# define ASN1_F_DO_BUF                                    221

# define ASN1_F_I2D_ASN1_BIO_STREAM                       211

# define ASN1_F_I2D_ASN1_OBJECT                           222

# define ASN1_F_I2D_ASN1_SET                              188

# define ASN1_F_I2D_ASN1_TIME                             160

# define ASN1_F_I2D_DSA_PUBKEY                            161

crypto/asn1/asn1_err.c

+1 −0
Original line number Diff line number Diff line
@@ -168,6 +168,7 @@ static ERR_STRING_DATA ASN1_str_functs[] = { 
    {ERR_FUNC(ASN1_F_D2I_X509_PKEY), "d2i_X509_PKEY"},

    {ERR_FUNC(ASN1_F_DO_BUF), "DO_BUF"},

    {ERR_FUNC(ASN1_F_I2D_ASN1_BIO_STREAM), "i2d_ASN1_bio_stream"},

    {ERR_FUNC(ASN1_F_I2D_ASN1_OBJECT), "i2d_ASN1_OBJECT"},

    {ERR_FUNC(ASN1_F_I2D_ASN1_SET), "i2d_ASN1_SET"},

    {ERR_FUNC(ASN1_F_I2D_ASN1_TIME), "I2D_ASN1_TIME"},

    {ERR_FUNC(ASN1_F_I2D_DSA_PUBKEY), "i2d_DSA_PUBKEY"},