From a04d08fc18e3dba21dfce71e55f0decb971f9b91 Mon Sep 17 00:00:00 2001 From: Matt Caswell Date: Mon, 25 Apr 2016 16:05:55 +0100 Subject: [PATCH] Ensure we check i2d_X509 return val MIME-Version: 1.0 Content-Type: text/plain; charset=utf8 Content-Transfer-Encoding: 8bit The i2d_X509() function can return a negative value on error. Therefore we should make sure we check it. Issue reported by Yuan Jochen Kang. Reviewed-by: Emilia Käsper (cherry picked from commit 446ba8de9af9aa4fa3debc7c76a38f4efed47a62) --- crypto/asn1/x_x509.c | 15 ++++++++++++--- 1 file changed, 12 insertions(+), 3 deletions(-) diff --git a/crypto/asn1/x_x509.c b/crypto/asn1/x_x509.c index bcd9166c35..38ede71bb9 100644 --- a/crypto/asn1/x_x509.c +++ b/crypto/asn1/x_x509.c @@ -201,9 +201,18 @@ X509 *d2i_X509_AUX(X509 **a, const unsigned char **pp, long length) int i2d_X509_AUX(X509 *a, unsigned char **pp) { - int length; + int length, tmplen; + unsigned char *start = *pp; length = i2d_X509(a, pp); - if (a) - length += i2d_X509_CERT_AUX(a->aux, pp); + if (length < 0 || a == NULL) + return length; + + tmplen = i2d_X509_CERT_AUX(a->aux, pp); + if (tmplen < 0) { + *pp = start; + return tmplen; + } + length += tmplen; + return length; } -- 2.25.1