We can't always read 6 bytes in an OCSP response: fix so error statuses
authorDr. Stephen Henson <steve@openssl.org>
Wed, 6 Oct 2010 18:01:23 +0000 (18:01 +0000)
committerDr. Stephen Henson <steve@openssl.org>
Wed, 6 Oct 2010 18:01:23 +0000 (18:01 +0000)
are read correctly for non-blocking I/O.

crypto/ocsp/ocsp_ht.c

index 12bbfcffd1391a7ceb16119749bdf8c81a5995f8..af5fc16691d432d4969126a5e64640e4a1775a14 100644 (file)
@@ -397,11 +397,12 @@ int OCSP_sendreq_nbio(OCSP_RESPONSE **presp, OCSP_REQ_CTX *rctx)
 
 
                case OHS_ASN1_HEADER:
-               /* Now reading ASN1 header: can read at least 6 bytes which
-                * is more than enough for any valid ASN1 SEQUENCE header
+               /* Now reading ASN1 header: can read at least 2 bytes which
+                * is enough for ASN1 SEQUENCE header and either length field
+                * or at least the length of the length field.
                 */
                n = BIO_get_mem_data(rctx->mem, &p);
-               if (n < 6)
+               if (n < 2)
                        goto next_io;
 
                /* Check it is an ASN1 SEQUENCE */
@@ -414,6 +415,11 @@ int OCSP_sendreq_nbio(OCSP_RESPONSE **presp, OCSP_REQ_CTX *rctx)
                /* Check out length field */
                if (*p & 0x80)
                        {
+                       /* If MSB set on initial length octet we can now
+                        * always read 6 octets: make sure we have them.
+                        */
+                       if (n < 6)
+                               goto next_io;
                        n = *p & 0x7F;
                        /* Not NDEF or excessive length */
                        if (!n || (n > 4))