Prepare for 0.9.8ze-dev

[oweals/openssl.git] / crypto / asn1 / tasn_dec.c

diff --git a/crypto/asn1/tasn_dec.c b/crypto/asn1/tasn_dec.c
index 05129f229c738d59f76216eaa1e517881955ee67..b81d151e5fd831a8f39dbb75c733e7783570445e 100644 (file)
--- a/crypto/asn1/tasn_dec.c
+++ b/crypto/asn1/tasn_dec.c
@@ -166,7 +166,7 @@ int ASN1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len,
        int i;
        int otag;
        int ret = 0;
-       ASN1_VALUE *pchval, **pchptr, *ptmpval;
+       ASN1_VALUE **pchptr, *ptmpval;
        if (!pval)
                return 0;
        if (aux && aux->asn1_cb)
@@ -317,7 +317,6 @@ int ASN1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len,
                        goto err;
                        }
                /* CHOICE type, try each possibility in turn */
-               pchval = NULL;
                p = *in;
                for (i = 0, tt=it->templates; i < it->tcount; i++, tt++)
                        {
@@ -611,7 +610,6 @@ static int asn1_template_ex_d2i(ASN1_VALUE **val,
 
        err:
        ASN1_template_free(val, tt);
-       *val = NULL;
        return 0;
        }
 
@@ -758,7 +756,6 @@ static int asn1_template_noexp_d2i(ASN1_VALUE **val,
 
        err:
        ASN1_template_free(val, tt);
-       *val = NULL;
        return 0;
        }
 
@@ -869,6 +866,14 @@ static int asn1_d2i_ex_primitive(ASN1_VALUE **pval,
                }
        else if (cst)
                {
+               if (utype == V_ASN1_NULL || utype == V_ASN1_BOOLEAN
+                       || utype == V_ASN1_OBJECT || utype == V_ASN1_INTEGER
+                       || utype == V_ASN1_ENUMERATED)
+                       {
+                       ASN1err(ASN1_F_ASN1_D2I_EX_PRIMITIVE,
+                               ASN1_R_TYPE_NOT_PRIMITIVE);
+                       return 0;
+                       }
                buf.length = 0;
                buf.max = 0;
                buf.data = NULL;
@@ -1012,6 +1017,18 @@ int asn1_ex_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len,
                case V_ASN1_SET:
                case V_ASN1_SEQUENCE:
                default:
+               if (utype == V_ASN1_BMPSTRING && (len & 1))
+                       {
+                       ASN1err(ASN1_F_ASN1_EX_C2I,
+                                       ASN1_R_BMPSTRING_IS_WRONG_LENGTH);
+                       goto err;
+                       }
+               if (utype == V_ASN1_UNIVERSALSTRING && (len & 3))
+                       {
+                       ASN1err(ASN1_F_ASN1_EX_C2I,
+                                       ASN1_R_UNIVERSALSTRING_IS_WRONG_LENGTH);
+                       goto err;
+                       }
                /* All based on ASN1_STRING and handled the same */
                if (!*pval)
                        {