Commit 8f43c80b authored by Matt Caswell

Ensure we check i2d_X509 return val



The i2d_X509() function can return a negative value on error. Therefore
we should make sure we check it.

Issue reported by Yuan Jochen Kang.

Reviewed-by: Emilia Käsper <emilia@openssl.org>
(cherry picked from commit 446ba8de)
parent 0ca67644
+12 −3
@@ -201,10 +201,19 @@ X509 *d2i_X509_AUX(X509 **a, const unsigned char **pp, long length)

int i2d_X509_AUX(X509 *a, unsigned char **pp)
{
    int length;
    int length, tmplen;
    unsigned char *start = *pp;
    length = i2d_X509(a, pp);
    if (a)
        length += i2d_X509_CERT_AUX(a->aux, pp);
    if (length < 0 || a == NULL)
        return length;

    tmplen = i2d_X509_CERT_AUX(a->aux, pp);
    if (tmplen < 0) {
        *pp = start;
        return tmplen;
    }
    length += tmplen;

    return length;
}
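Review bot: `unsigned char *start = *pp;` dereferences `pp` unconditionally, but i2d-style functions are routinely called with a NULL output pointer just to obtain the encoded length (the ssl_add_cert_to_buf change on this page does exactly that with `i2d_X509(x, NULL)`), so `i2d_X509_AUX(a, NULL)` would now dereference NULL before any encoding happens. Initialise it as `unsigned char *start = pp != NULL ? *pp : NULL;` and guard the rollback as `if (pp != NULL) *pp = start;`. A short comment on the rollback, such as `/* undo the i2d_X509() advance so the caller never sees a partial encoding */`, would also record why `*pp` is restored.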

+7 −2
@@ -1059,13 +1059,18 @@ static int ssl_add_cert_to_buf(BUF_MEM *buf, unsigned long *l, X509 *x)
    unsigned char *p;

    n = i2d_X509(x, NULL);
    if (!BUF_MEM_grow_clean(buf, (int)(n + (*l) + 3))) {
    if (n < 0 || !BUF_MEM_grow_clean(buf, (int)(n + (*l) + 3))) {
        SSLerr(SSL_F_SSL_ADD_CERT_TO_BUF, ERR_R_BUF_LIB);
        return 0;
    }
    p = (unsigned char *)&(buf->data[*l]);
    l2n3(n, p);
    i2d_X509(x, &p);
    n = i2d_X509(x, &p);
    if (n < 0) {
        /* Shouldn't happen */
        SSLerr(SSL_F_SSL_ADD_CERT_TO_BUF, ERR_R_BUF_LIB);
        return 0;
    }
    *l += n + 3;

    return 1;
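Review bot: The result of the second `i2d_X509(x, &p)` is only checked for being negative, while the buffer was grown and the length prefix written by `l2n3(n, p)` using the first call's value; if the two lengths ever differed, the prefix would no longer match the bytes written, and a longer encoding would already have gone past the space reserved by `BUF_MEM_grow_clean`. Keeping the first length and rejecting any mismatch covers the negative case as well, e.g. `len = i2d_X509(x, &p);` followed by `if (len != n) { SSLerr(SSL_F_SSL_ADD_CERT_TO_BUF, ERR_R_BUF_LIB); return 0; }`. This detects the mismatch only after the write, so it is a consistency guard rather than a bound; the declaration of `n` and the start of ssl_add_cert_to_buf are outside the hunk, so `len` would have to be declared there.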