PR: 2411

[oweals/openssl.git] / crypto / ocsp / ocsp_ht.c

diff --git a/crypto/ocsp/ocsp_ht.c b/crypto/ocsp/ocsp_ht.c
index 4a04ad9aa648f8eebce61db684f2d216e22a3677..92aba08c8fbd27bc6aae3a854606a3464362c603 100644 (file)
--- a/crypto/ocsp/ocsp_ht.c
+++ b/crypto/ocsp/ocsp_ht.c
@@ -56,11 +56,12 @@
  *
  */
 
-#include <openssl/asn1.h>
 #include <stdio.h>
 #include <stdlib.h>
 #include <ctype.h>
 #include <string.h>
+#include "e_os.h"
+#include <openssl/asn1.h>
 #include <openssl/ocsp.h>
 #include <openssl/err.h>
 #include <openssl/buffer.h>
@@ -370,11 +371,12 @@ int OCSP_sendreq_nbio(OCSP_RESPONSE **presp, OCSP_REQ_CTX *rctx)
 
 
                case OHS_ASN1_HEADER:
-               /* Now reading ASN1 header: can read at least 6 bytes which
-                * is more than enough for any valid ASN1 SEQUENCE header
+               /* Now reading ASN1 header: can read at least 2 bytes which
+                * is enough for ASN1 SEQUENCE header and either length field
+                * or at least the length of the length field.
                 */
                n = BIO_get_mem_data(rctx->mem, &p);
-               if (n < 6)
+               if (n < 2)
                        goto next_io;
 
                /* Check it is an ASN1 SEQUENCE */
@@ -387,6 +389,11 @@ int OCSP_sendreq_nbio(OCSP_RESPONSE **presp, OCSP_REQ_CTX *rctx)
                /* Check out length field */
                if (*p & 0x80)
                        {
+                       /* If MSB set on initial length octet we can now
+                        * always read 6 octets: make sure we have them.
+                        */
+                       if (n < 6)
+                               goto next_io;
                        n = *p & 0x7F;
                        /* Not NDEF or excessive length */
                        if (!n || (n > 4))