Fix uni2asc() so it can properly convert zero length

unicode strings. Certain PKCS#12 files contain these
in BMPStrings and it used to crash on them.

diff --git a/CHANGES b/CHANGES
index f2c264a68775d754d1f8a383452eef72ab84d756..3a256cbb0c425f205614e41e1d41b4c04b330da3 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -4,6 +4,10 @@
 
  Changes between 0.9.6 and 0.9.6a  [xx XXX 2000]
 
+  *) Fix to uni2asc() to cope with zero length Unicode strings.
+     These are present in some PKCS#12 files.
+     [Steve Henson]
+
   *) Increase s2->wbuf allocation by one byte in ssl2_new (ssl/s2_lib.c).
      Otherwise do_ssl_write (ssl/s2_pkt.c) will write beyond buffer limits
      when writing a 32767 byte record.

diff --git a/crypto/pkcs12/p12_utl.c b/crypto/pkcs12/p12_utl.c
index 17f41b45496b1af7f84b21fe05519274b4e07883..623fac8a6fc6c9788cdbefb4e5c850d184057fe3 100644 (file)
--- a/crypto/pkcs12/p12_utl.c
+++ b/crypto/pkcs12/p12_utl.c
@@ -83,7 +83,7 @@ char *uni2asc (unsigned char *uni, int unilen)
        char *asctmp;
        asclen = unilen / 2;
        /* If no terminating zero allow for one */
-       if (uni[unilen - 1]) asclen++;
+       if (!unilen || uni[unilen - 1]) asclen++;
        uni++;
        if (!(asctmp = OPENSSL_malloc (asclen))) return NULL;
        for (i = 0; i < unilen; i+=2) asctmp[i>>1] = uni[i];