From 42637ffc69a59b56897f951c50482709b0cc86d5 Mon Sep 17 00:00:00 2001 From: Kurt Roeckx Date: Tue, 29 Sep 2015 19:59:48 +0200 Subject: Fix more d2i cases to properly update the input pointer Thanks to David Benjamin for pointing them out. Reviewed-by: Steve Henson MR #1198 (cherry picked from commit 605236f6a8fe0743af2f63d93239a74c69dae137) --- crypto/asn1/d2i_pr.c | 8 +++++--- crypto/asn1/x_x509.c | 4 +--- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/crypto/asn1/d2i_pr.c b/crypto/asn1/d2i_pr.c index 314f4e3..d21829a 100644 --- a/crypto/asn1/d2i_pr.c +++ b/crypto/asn1/d2i_pr.c @@ -104,7 +104,8 @@ EVP_PKEY *d2i_PrivateKey(int type, EVP_PKEY **a, const unsigned char **pp, EVP_PKEY_free(ret); ret = EVP_PKCS82PKEY(p8); PKCS8_PRIV_KEY_INFO_free(p8); - + if (ret == NULL) + goto err; } else { ASN1err(ASN1_F_D2I_PRIVATEKEY, ERR_R_ASN1_LIB); goto err; @@ -160,8 +161,9 @@ EVP_PKEY *d2i_AutoPrivateKey(EVP_PKEY **a, const unsigned char **pp, } ret = EVP_PKCS82PKEY(p8); PKCS8_PRIV_KEY_INFO_free(p8); - if (ret != NULL) - *pp = p; + if (ret == NULL) + return NULL; + *pp = p; if (a) { *a = ret; } diff --git a/crypto/asn1/x_x509.c b/crypto/asn1/x_x509.c index 63c15e8..e2cac83 100644 --- a/crypto/asn1/x_x509.c +++ b/crypto/asn1/x_x509.c @@ -186,9 +186,7 @@ X509 *d2i_X509_AUX(X509 **a, const unsigned char **pp, long length) return NULL; /* update length */ length -= q - *pp; - if (!length) - return ret; - if (!d2i_X509_CERT_AUX(&ret->aux, &q, length)) + if (length > 0 && !d2i_X509_CERT_AUX(&ret->aux, &q, length)) goto err; *pp = q; return ret; -- 1.7.12.1