generic-library/openssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

We can't always read 6 bytes in an OCSP response: fix so error statuses

Browse Source 
are read correctly for non-blocking I/O.
This commit is contained in:
Dr. Stephen Henson 2010-10-06 18:01:23 +00:00
parent c14c6e996d
commit 0ef9b9c7bf
1 changed files with 9 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
crypto/ocsp/ocsp_ht.c
View File

@ -397,11 +397,12 @@ int OCSP_sendreq_nbio(OCSP_RESPONSE **presp, OCSP_REQ_CTX *rctx)
case OHS_ASN1_HEADER: case OHS_ASN1_HEADER:
/* Now reading ASN1 header: can read at least 6 bytes which /* Now reading ASN1 header: can read at least 2 bytes which
* is more than enough for any valid ASN1 SEQUENCE header * is enough for ASN1 SEQUENCE header and either length field
* or at least the length of the length field.
*/ */
n = BIO_get_mem_data(rctx->mem, &p); n = BIO_get_mem_data(rctx->mem, &p);
if (n < 6) if (n < 2)
goto next_io; goto next_io;
/* Check it is an ASN1 SEQUENCE */ /* Check it is an ASN1 SEQUENCE */
@ -414,6 +415,11 @@ int OCSP_sendreq_nbio(OCSP_RESPONSE **presp, OCSP_REQ_CTX *rctx)
/* Check out length field */ /* Check out length field */
if (*p & 0x80) if (*p & 0x80)
{ {
/* If MSB set on initial length octet we can now
* always read 6 octets: make sure we have them.
*/
if (n < 6)
goto next_io;
n = *p & 0x7F; n = *p & 0x7F;
/* Not NDEF or excessive length */ /* Not NDEF or excessive length */
if (!n || (n > 4)) if (!n || (n > 4))