From a46c9789ce2aecedceef119e9883513c7a49f1ca Mon Sep 17 00:00:00 2001 From: Kurt Roeckx Date: Mon, 17 Aug 2015 16:02:18 +0200 Subject: [PATCH] d2i: don't update input pointer on failure Reviewed-by: Dr. Stephen Henson MR #1005 --- crypto/asn1/d2i_pr.c | 11 ++++++++--- crypto/asn1/tasn_dec.c | 4 ++-- crypto/asn1/x_pubkey.c | 5 ++++- crypto/asn1/x_x509.c | 7 ++++--- crypto/ec/ec_asn1.c | 8 ++++++-- crypto/x509v3/v3_scts.c | 4 +++- 6 files changed, 27 insertions(+), 12 deletions(-) diff --git a/crypto/asn1/d2i_pr.c b/crypto/asn1/d2i_pr.c index b92af8b5f..90ec2f4f1 100644 --- a/crypto/asn1/d2i_pr.c +++ b/crypto/asn1/d2i_pr.c @@ -72,6 +72,7 @@ EVP_PKEY *d2i_PrivateKey(int type, EVP_PKEY **a, const unsigned char **pp, long length) { EVP_PKEY *ret; + const unsigned char *p = *pp; if ((a == NULL) || (*a == NULL)) { if ((ret = EVP_PKEY_new()) == NULL) { @@ -94,10 +95,10 @@ EVP_PKEY *d2i_PrivateKey(int type, EVP_PKEY **a, const unsigned char **pp, } if (!ret->ameth->old_priv_decode || - !ret->ameth->old_priv_decode(ret, pp, length)) { + !ret->ameth->old_priv_decode(ret, &p, length)) { if (ret->ameth->priv_decode) { PKCS8_PRIV_KEY_INFO *p8 = NULL; - p8 = d2i_PKCS8_PRIV_KEY_INFO(NULL, pp, length); + p8 = d2i_PKCS8_PRIV_KEY_INFO(NULL, &p, length); if (!p8) goto err; EVP_PKEY_free(ret); @@ -109,6 +110,7 @@ EVP_PKEY *d2i_PrivateKey(int type, EVP_PKEY **a, const unsigned char **pp, goto err; } } + *pp = p; if (a != NULL) (*a) = ret; return (ret); @@ -136,6 +138,7 @@ EVP_PKEY *d2i_AutoPrivateKey(EVP_PKEY **a, const unsigned char **pp, * input is surrounded by an ASN1 SEQUENCE. */ inkey = d2i_ASN1_SEQUENCE_ANY(NULL, &p, length); + p = *pp; /* * Since we only need to discern "traditional format" RSA and DSA keys we * can just count the elements. @@ -146,7 +149,7 @@ EVP_PKEY *d2i_AutoPrivateKey(EVP_PKEY **a, const unsigned char **pp, keytype = EVP_PKEY_EC; else if (sk_ASN1_TYPE_num(inkey) == 3) { /* This seems to be PKCS8, not * traditional format */ - PKCS8_PRIV_KEY_INFO *p8 = d2i_PKCS8_PRIV_KEY_INFO(NULL, pp, length); + PKCS8_PRIV_KEY_INFO *p8 = d2i_PKCS8_PRIV_KEY_INFO(NULL, &p, length); EVP_PKEY *ret; sk_ASN1_TYPE_pop_free(inkey, ASN1_TYPE_free); @@ -157,6 +160,8 @@ EVP_PKEY *d2i_AutoPrivateKey(EVP_PKEY **a, const unsigned char **pp, } ret = EVP_PKCS82PKEY(p8); PKCS8_PRIV_KEY_INFO_free(p8); + if (ret != NULL) + *pp = p; if (a) { *a = ret; } diff --git a/crypto/asn1/tasn_dec.c b/crypto/asn1/tasn_dec.c index 7a6414ad0..732b4253d 100644 --- a/crypto/asn1/tasn_dec.c +++ b/crypto/asn1/tasn_dec.c @@ -281,9 +281,9 @@ int ASN1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len, } asn1_set_choice_selector(pval, i, it); - *in = p; if (asn1_cb && !asn1_cb(ASN1_OP_D2I_POST, pval, it, NULL)) goto auxerr; + *in = p; return 1; case ASN1_ITYPE_NDEF_SEQUENCE: @@ -420,9 +420,9 @@ int ASN1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len, /* Save encoding */ if (!asn1_enc_save(pval, *in, p - *in, it)) goto auxerr; - *in = p; if (asn1_cb && !asn1_cb(ASN1_OP_D2I_POST, pval, it, NULL)) goto auxerr; + *in = p; return 1; default: diff --git a/crypto/asn1/x_pubkey.c b/crypto/asn1/x_pubkey.c index d20afb982..b2d81dfcc 100644 --- a/crypto/asn1/x_pubkey.c +++ b/crypto/asn1/x_pubkey.c @@ -184,13 +184,16 @@ EVP_PKEY *d2i_PUBKEY(EVP_PKEY **a, const unsigned char **pp, long length) { X509_PUBKEY *xpk; EVP_PKEY *pktmp; - xpk = d2i_X509_PUBKEY(NULL, pp, length); + const unsigned char *q; + q = *pp; + xpk = d2i_X509_PUBKEY(NULL, &q, length); if (!xpk) return NULL; pktmp = X509_PUBKEY_get(xpk); X509_PUBKEY_free(xpk); if (!pktmp) return NULL; + *pp = q; if (a) { EVP_PKEY_free(*a); *a = pktmp; diff --git a/crypto/asn1/x_x509.c b/crypto/asn1/x_x509.c index 6e7850cc0..d8d55b2ee 100644 --- a/crypto/asn1/x_x509.c +++ b/crypto/asn1/x_x509.c @@ -177,16 +177,17 @@ X509 *d2i_X509_AUX(X509 **a, const unsigned char **pp, long length) if (!a || *a == NULL) { freeret = 1; } - ret = d2i_X509(a, pp, length); + ret = d2i_X509(a, &q, length); /* If certificate unreadable then forget it */ if (!ret) return NULL; /* update length */ - length -= *pp - q; + length -= q - *pp; if (!length) return ret; - if (!d2i_X509_CERT_AUX(&ret->aux, pp, length)) + if (!d2i_X509_CERT_AUX(&ret->aux, &q, length)) goto err; + *pp = q; return ret; err: if (freeret) { diff --git a/crypto/ec/ec_asn1.c b/crypto/ec/ec_asn1.c index 4e1566dea..bd6592b64 100644 --- a/crypto/ec/ec_asn1.c +++ b/crypto/ec/ec_asn1.c @@ -951,8 +951,9 @@ EC_GROUP *d2i_ECPKParameters(EC_GROUP **a, const unsigned char **in, long len) { EC_GROUP *group = NULL; ECPKPARAMETERS *params = NULL; + const unsigned char *p = *in; - if ((params = d2i_ECPKPARAMETERS(NULL, in, len)) == NULL) { + if ((params = d2i_ECPKPARAMETERS(NULL, &p, len)) == NULL) { ECerr(EC_F_D2I_ECPKPARAMETERS, EC_R_D2I_ECPKPARAMETERS_FAILURE); ECPKPARAMETERS_free(params); return NULL; @@ -970,6 +971,7 @@ EC_GROUP *d2i_ECPKParameters(EC_GROUP **a, const unsigned char **in, long len) } ECPKPARAMETERS_free(params); + *in = p; return (group); } @@ -996,8 +998,9 @@ EC_KEY *d2i_ECPrivateKey(EC_KEY **a, const unsigned char **in, long len) { EC_KEY *ret = NULL; EC_PRIVATEKEY *priv_key = NULL; + const unsigned char *p = *in; - if ((priv_key = d2i_EC_PRIVATEKEY(NULL, in, len)) == NULL) { + if ((priv_key = d2i_EC_PRIVATEKEY(NULL, &p, len)) == NULL) { ECerr(EC_F_D2I_ECPRIVATEKEY, ERR_R_EC_LIB); return NULL; } @@ -1077,6 +1080,7 @@ EC_KEY *d2i_ECPrivateKey(EC_KEY **a, const unsigned char **in, long len) if (a) *a = ret; EC_PRIVATEKEY_free(priv_key); + *in = p; return (ret); err: diff --git a/crypto/x509v3/v3_scts.c b/crypto/x509v3/v3_scts.c index f93fdfc2b..b1505feb3 100644 --- a/crypto/x509v3/v3_scts.c +++ b/crypto/x509v3/v3_scts.c @@ -183,8 +183,9 @@ static STACK_OF(SCT) *d2i_SCT_LIST(STACK_OF(SCT) **a, SCT *sct; unsigned char *p, *p2; unsigned short listlen, sctlen = 0, fieldlen; + const unsigned char *q = *pp; - if (d2i_ASN1_OCTET_STRING(&oct, pp, length) == NULL) + if (d2i_ASN1_OCTET_STRING(&oct, &q, length) == NULL) return NULL; if (oct->length < 2) goto done; @@ -272,6 +273,7 @@ static STACK_OF(SCT) *d2i_SCT_LIST(STACK_OF(SCT) **a, done: ASN1_OCTET_STRING_free(oct); + *pp = q; return sk; err: