From: Richard Levitte <levitte@openssl.org>
Date: Sat, 1 Jul 2017 16:25:43 +0000 (+0200)
Subject: Make sure OSSL_STORE_load() isn't caught in an endless loop
X-Git-Tag: OpenSSL_1_1_1-pre1~1134
X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=6e2f49b38429d9df00ed12ade60e3de3b9ba43b3;p=oweals%2Fopenssl.git

Make sure OSSL_STORE_load() isn't caught in an endless loop

The post process callback might potentially say "no" to everything (by
constantly returning NULL) and thereby cause an endless loop.  Ensure
that we stop all processing when "eof" is reached.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/3823)
---

diff --git a/crypto/store/store_lib.c b/crypto/store/store_lib.c
index d5bb8b88ce..91faae20c5 100644
--- a/crypto/store/store_lib.c
+++ b/crypto/store/store_lib.c
@@ -90,6 +90,9 @@ OSSL_STORE_INFO *OSSL_STORE_load(OSSL_STORE_CTX *ctx)
     OSSL_STORE_INFO *v = NULL;
 
  again:
+    if (OSSL_STORE_eof(ctx))
+        return NULL;
+
     v = ctx->loader->load(ctx->loader_ctx, ctx->ui_method, ctx->ui_data);
 
     if (ctx->post_process != NULL && v != NULL) {