generic-library/openssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Ensure we check i2d_X509 return val

Browse Source 
The i2d_X509() function can return a negative value on error. Therefore
we should make sure we check it.

Issue reported by Yuan Jochen Kang.

Reviewed-by: Emilia Käsper <emilia@openssl.org>
(cherry picked from commit 446ba8de9af9aa4fa3debc7c76a38f4efed47a62)
This commit is contained in:
Matt Caswell
2016-04-25 16:05:55 +01:00
parent 0ca67644dd
commit 8f43c80bfa
2 changed files with 19 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
ssl/ssl_cert.c
View File

@@ -1059,13 +1059,18 @@ static int ssl_add_cert_to_buf(BUF_MEM *buf, unsigned long *l, X509 *x)
unsigned char *p;
n = i2d_X509(x, NULL);
if (!BUF_MEM_grow_clean(buf, (int)(n + (*l) + 3))) {
if (n < 0 || !BUF_MEM_grow_clean(buf, (int)(n + (*l) + 3))) {
SSLerr(SSL_F_SSL_ADD_CERT_TO_BUF, ERR_R_BUF_LIB);
return 0;
}
p = (unsigned char *)&(buf->data[*l]);
l2n3(n, p);
i2d_X509(x, &p);
n = i2d_X509(x, &p);
if (n < 0) {
/* Shouldn't happen */
SSLerr(SSL_F_SSL_ADD_CERT_TO_BUF, ERR_R_BUF_LIB);
return 0;
}
*l += n + 3;
return 1;