Fix bug in PKCS#7 decode routines when indefinite length

encoding is used inside definite length encoding.

diff --git a/CHANGES b/CHANGES
index 3f0e64d90aa5a4543ce81c8de5c0b9a602487910..a3b7e529daed4cffb2951ce84bcefaeafc841d3b 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -4,6 +4,10 @@
 
  Changes between 0.9.6 and 0.9.6a  [xx XXX 2001]
 
+  *) Fix PKCS#7 decode routines so they correctly update the length
+     after reading an EOC for the EXPLICIT tag.
+     [Steve Henson]
+
   *) Fix bug in PKCS#12 key generation routines. This was triggered
      if a 3DES key was generated with a 0 initial byte. Include
      PKCS12_BROKEN_KEYGEN compilation option to retain the old

diff --git a/crypto/asn1/p7_lib.c b/crypto/asn1/p7_lib.c
index b1196ef581ceac7562fbdb1a7859b95ccbcc96b1..7a5baff8dd59fe033fda14853644ee46a7896d38 100644 (file)
--- a/crypto/asn1/p7_lib.c
+++ b/crypto/asn1/p7_lib.c
@@ -307,6 +307,7 @@ PKCS7 *d2i_PKCS7(PKCS7 **a, unsigned char **pp, long length)
                        }
                if (Tinf == (1|V_ASN1_CONSTRUCTED))
                        {
+                       c.q=c.p;
                        if (!ASN1_check_infinite_end(&c.p,c.slen))
                                {
                                c.error=ERR_R_MISSING_ASN1_EOS;
@@ -314,6 +315,7 @@ PKCS7 *d2i_PKCS7(PKCS7 **a, unsigned char **pp, long length)
                                goto err;
                                }
                        }
+                       c.slen-=(c.p-c.q);
                }
        else
                ret->detached=1;