The branch OpenSSL_1_0_2-stable has been updated via 0971432f6f6d8b40d797133621809bd31eb7bf4e (commit) from ec3f996b3066ecaaec87ba5ad29c606aeac0740d (commit)
- Log ----------------------------------------------------------------- commit 0971432f6f6d8b40d797133621809bd31eb7bf4e Author: Richard Levitte <levi...@openssl.org> Date: Sat Aug 11 09:59:20 2018 +0200 i2d_ASN1_OBJECT(): allocate memory if the user didn't provide a buffer Since 0.9.7, all i2d_ functions were documented to allocate an output buffer if the user didn't provide one, under these conditions (from the 1.0.2 documentation): For OpenSSL 0.9.7 and later if B<*out> is B<NULL> memory will be allocated for a buffer and the encoded data written to it. In this case B<*out> is not incremented and it points to the start of the data just written. i2d_ASN1_OBJECT was found not to do this, and would crash if a NULL output buffer was provided. Fixes #6914 Reviewed-by: Matthias St. Pierre <matthias.st.pie...@ncp-e.com> (Merged from https://github.com/openssl/openssl/pull/6918) (cherry picked from commit 6114041540d8d1fecaf23a861788c3c742d3b467) ----------------------------------------------------------------------- Summary of changes: crypto/asn1/a_object.c | 21 ++++++++++++++++----- crypto/asn1/asn1.h | 1 + crypto/asn1/asn1_err.c | 1 + 3 files changed, 18 insertions(+), 5 deletions(-) diff --git a/crypto/asn1/a_object.c b/crypto/asn1/a_object.c index ad6b12a..ce05cf4 100644 --- a/crypto/asn1/a_object.c +++ b/crypto/asn1/a_object.c @@ -66,7 +66,7 @@ int i2d_ASN1_OBJECT(ASN1_OBJECT *a, unsigned char **pp) { - unsigned char *p; + unsigned char *p, *allocated = NULL; int objsize; if ((a == NULL) || (a->data == NULL)) @@ -76,13 +76,24 @@ int i2d_ASN1_OBJECT(ASN1_OBJECT *a, unsigned char **pp) if (pp == NULL || objsize == -1) return objsize; - p = *pp; + if (*pp == NULL) { + if ((p = allocated = OPENSSL_malloc(objsize)) == NULL) { + ASN1err(ASN1_F_I2D_ASN1_OBJECT, ERR_R_MALLOC_FAILURE); + return 0; + } + } else { + p = *pp; + } + ASN1_put_object(&p, 0, a->length, V_ASN1_OBJECT, V_ASN1_UNIVERSAL); memcpy(p, a->data, a->length); - p += a->length; - *pp = p; - return (objsize); + /* + * If a new buffer was allocated, just return it back. + * If not, return the incremented buffer pointer. + */ + *pp = allocated != NULL ? allocated : p + a->length; + return objsize; } int a2d_ASN1_OBJECT(unsigned char *out, int olen, const char *buf, int num) diff --git a/crypto/asn1/asn1.h b/crypto/asn1/asn1.h index 256c531..0515292 100644 --- a/crypto/asn1/asn1.h +++ b/crypto/asn1/asn1.h @@ -1267,6 +1267,7 @@ void ERR_load_ASN1_strings(void); # define ASN1_F_D2I_X509_PKEY 159 # define ASN1_F_DO_BUF 221 # define ASN1_F_I2D_ASN1_BIO_STREAM 211 +# define ASN1_F_I2D_ASN1_OBJECT 222 # define ASN1_F_I2D_ASN1_SET 188 # define ASN1_F_I2D_ASN1_TIME 160 # define ASN1_F_I2D_DSA_PUBKEY 161 diff --git a/crypto/asn1/asn1_err.c b/crypto/asn1/asn1_err.c index c144180..475e80a 100644 --- a/crypto/asn1/asn1_err.c +++ b/crypto/asn1/asn1_err.c @@ -168,6 +168,7 @@ static ERR_STRING_DATA ASN1_str_functs[] = { {ERR_FUNC(ASN1_F_D2I_X509_PKEY), "d2i_X509_PKEY"}, {ERR_FUNC(ASN1_F_DO_BUF), "DO_BUF"}, {ERR_FUNC(ASN1_F_I2D_ASN1_BIO_STREAM), "i2d_ASN1_bio_stream"}, + {ERR_FUNC(ASN1_F_I2D_ASN1_OBJECT), "i2d_ASN1_OBJECT"}, {ERR_FUNC(ASN1_F_I2D_ASN1_SET), "i2d_ASN1_SET"}, {ERR_FUNC(ASN1_F_I2D_ASN1_TIME), "I2D_ASN1_TIME"}, {ERR_FUNC(ASN1_F_I2D_DSA_PUBKEY), "i2d_DSA_PUBKEY"}, _____ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits