Fix more d2i cases to properly update the input pointer
authorKurt Roeckx <kurt@roeckx.be>
Tue, 29 Sep 2015 17:59:48 +0000 (19:59 +0200)
committerKurt Roeckx <kurt@roeckx.be>
Sat, 3 Oct 2015 11:29:15 +0000 (13:29 +0200)
Thanks to David Benjamin <davidben@google.com> for pointing them out.

Reviewed-by: Steve Henson <steve@openssl.org>
MR #1198

(cherry picked from commit 605236f6a8fe0743af2f63d93239a74c69dae137)

crypto/asn1/d2i_pr.c
crypto/asn1/x_x509.c

index 314f4e38ba4cd57cb61aedfa5f88b671423ec691..d21829af192f0c47d15b340d488b045df3b8ef2e 100644 (file)
@@ -104,7 +104,8 @@ EVP_PKEY *d2i_PrivateKey(int type, EVP_PKEY **a, const unsigned char **pp,
             EVP_PKEY_free(ret);
             ret = EVP_PKCS82PKEY(p8);
             PKCS8_PRIV_KEY_INFO_free(p8);
-
+            if (ret == NULL)
+                goto err;
         } else {
             ASN1err(ASN1_F_D2I_PRIVATEKEY, ERR_R_ASN1_LIB);
             goto err;
@@ -160,8 +161,9 @@ EVP_PKEY *d2i_AutoPrivateKey(EVP_PKEY **a, const unsigned char **pp,
         }
         ret = EVP_PKCS82PKEY(p8);
         PKCS8_PRIV_KEY_INFO_free(p8);
-        if (ret != NULL)
-            *pp = p;
+        if (ret == NULL)
+            return NULL;
+        *pp = p;
         if (a) {
             *a = ret;
         }
index 63c15e8830391aad9e96e78206a68d92c59c8c1d..e2cac836943d728dc881d886b48b446e418b6a75 100644 (file)
@@ -186,9 +186,7 @@ X509 *d2i_X509_AUX(X509 **a, const unsigned char **pp, long length)
         return NULL;
     /* update length */
     length -= q - *pp;
-    if (!length)
-        return ret;
-    if (!d2i_X509_CERT_AUX(&ret->aux, &q, length))
+    if (length > 0 && !d2i_X509_CERT_AUX(&ret->aux, &q, length))
         goto err;
     *pp = q;
     return ret;