From 6c6a836335d8ded70001d161904ce1a29188fbbf Mon Sep 17 00:00:00 2001 From: tb Date: Sun, 9 Jul 2023 19:22:43 +0000 Subject: [PATCH] Fix ndef_{prefix,suffix}() These functions inline a poor version of asn1_item_flags_i2d() without error checks. This can be replaced with a single correct call to ASN1_item_ndef_i2d(). Mechanically adding malloc checks and checks for negative did not really improve things all that much in a related project. ok beck jsing --- lib/libcrypto/asn1/bio_ndef.c | 23 ++++++++++++----------- 1 file changed, 12 insertions(+), 11 deletions(-) diff --git a/lib/libcrypto/asn1/bio_ndef.c b/lib/libcrypto/asn1/bio_ndef.c index d0329ede8f4..11e51edade3 100644 --- a/lib/libcrypto/asn1/bio_ndef.c +++ b/lib/libcrypto/asn1/bio_ndef.c @@ -1,4 +1,4 @@ -/* $OpenBSD: bio_ndef.c,v 1.22 2023/04/25 19:08:30 tb Exp $ */ +/* $OpenBSD: bio_ndef.c,v 1.23 2023/07/09 19:22:43 tb Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project. */ @@ -171,7 +171,7 @@ static int ndef_prefix(BIO *b, unsigned char **pbuf, int *plen, void *parg) { NDEF_SUPPORT *ndef_aux; - unsigned char *p; + unsigned char *p = NULL; int derlen; if (!parg) @@ -179,13 +179,13 @@ ndef_prefix(BIO *b, unsigned char **pbuf, int *plen, void *parg) ndef_aux = *(NDEF_SUPPORT **)parg; - derlen = ASN1_item_ndef_i2d(ndef_aux->val, NULL, ndef_aux->it); - p = malloc(derlen); + if ((derlen = ASN1_item_ndef_i2d(ndef_aux->val, &p, ndef_aux->it)) <= 0) + return 0; + ndef_aux->derbuf = p; *pbuf = p; - derlen = ASN1_item_ndef_i2d(ndef_aux->val, &p, ndef_aux->it); - if (!*ndef_aux->boundary) + if (*ndef_aux->boundary == NULL) return 0; *plen = *ndef_aux->boundary - *pbuf; @@ -231,7 +231,7 @@ static int ndef_suffix(BIO *b, unsigned char **pbuf, int *plen, void *parg) { NDEF_SUPPORT *ndef_aux; - unsigned char *p; + unsigned char *p = NULL; int derlen; const ASN1_AUX *aux; ASN1_STREAM_ARG sarg; @@ -251,14 +251,15 @@ ndef_suffix(BIO *b, unsigned char **pbuf, int *plen, void *parg) &ndef_aux->val, ndef_aux->it, &sarg) <= 0) return 0; - derlen = ASN1_item_ndef_i2d(ndef_aux->val, NULL, ndef_aux->it); - p = malloc(derlen); + if ((derlen = ASN1_item_ndef_i2d(ndef_aux->val, &p, ndef_aux->it)) <= 0) + return 0; + ndef_aux->derbuf = p; *pbuf = p; - derlen = ASN1_item_ndef_i2d(ndef_aux->val, &p, ndef_aux->it); - if (!*ndef_aux->boundary) + if (*ndef_aux->boundary == NULL) return 0; + *pbuf = *ndef_aux->boundary; *plen = derlen - (*ndef_aux->boundary - ndef_aux->derbuf); -- 2.20.1