From: Kurt Roeckx Date: Tue, 29 Sep 2015 17:59:48 +0000 (+0200) Subject: Fix more d2i cases to properly update the input pointer X-Git-Tag: OpenSSL_1_1_0-pre1~475 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=605236f6a8fe0743af2f63d93239a74c69dae137;p=openssl Fix more d2i cases to properly update the input pointer Thanks to David Benjamin for pointing them out. Reviewed-by: Steve Henson MR #1198 --- diff --git a/crypto/asn1/d2i_pr.c b/crypto/asn1/d2i_pr.c index 90ec2f4f14..1b6f8ebe40 100644 --- a/crypto/asn1/d2i_pr.c +++ b/crypto/asn1/d2i_pr.c @@ -104,7 +104,8 @@ EVP_PKEY *d2i_PrivateKey(int type, EVP_PKEY **a, const unsigned char **pp, EVP_PKEY_free(ret); ret = EVP_PKCS82PKEY(p8); PKCS8_PRIV_KEY_INFO_free(p8); - + if (ret == NULL) + goto err; } else { ASN1err(ASN1_F_D2I_PRIVATEKEY, ERR_R_ASN1_LIB); goto err; @@ -160,8 +161,9 @@ EVP_PKEY *d2i_AutoPrivateKey(EVP_PKEY **a, const unsigned char **pp, } ret = EVP_PKCS82PKEY(p8); PKCS8_PRIV_KEY_INFO_free(p8); - if (ret != NULL) - *pp = p; + if (ret == NULL) + return NULL; + *pp = p; if (a) { *a = ret; } diff --git a/crypto/x509/x_x509.c b/crypto/x509/x_x509.c index 028c75a924..92d4fa34e6 100644 --- a/crypto/x509/x_x509.c +++ b/crypto/x509/x_x509.c @@ -184,9 +184,7 @@ X509 *d2i_X509_AUX(X509 **a, const unsigned char **pp, long length) return NULL; /* update length */ length -= q - *pp; - if (!length) - return ret; - if (!d2i_X509_CERT_AUX(&ret->aux, &q, length)) + if (length > 0 && !d2i_X509_CERT_AUX(&ret->aux, &q, length)) goto err; *pp = q; return ret;