From ddfbdb55fc8b048e180ba05fe1da3af7e72bb4de Mon Sep 17 00:00:00 2001 From: jsing Date: Thu, 9 Dec 2021 17:01:41 +0000 Subject: [PATCH] Inline collect_data() in asn1_collect(). While here stop assigning a size_t to an int without bounds checks. ok inoguchi@ tb@ --- lib/libcrypto/asn1/tasn_dec.c | 33 ++++++++++++--------------------- 1 file changed, 12 insertions(+), 21 deletions(-) diff --git a/lib/libcrypto/asn1/tasn_dec.c b/lib/libcrypto/asn1/tasn_dec.c index aa97bc8f4ef..7338f6800a0 100644 --- a/lib/libcrypto/asn1/tasn_dec.c +++ b/lib/libcrypto/asn1/tasn_dec.c @@ -1,4 +1,4 @@ -/* $OpenBSD: tasn_dec.c,v 1.43 2021/12/09 16:58:44 jsing Exp $ */ +/* $OpenBSD: tasn_dec.c,v 1.44 2021/12/09 17:01:41 jsing Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 2000. */ @@ -77,8 +77,6 @@ static int asn1_find_end(const unsigned char **in, long len, char inf); static int asn1_collect(BUF_MEM *buf, const unsigned char **in, long len, char inf, int tag, int aclass, int depth); -static int collect_data(BUF_MEM *buf, const unsigned char **p, long plen); - static int asn1_check_tlen(long *olen, int *otag, unsigned char *oclass, char *inf, char *cst, const unsigned char **in, long len, int exptag, int expclass, char opt, ASN1_TLC *ctx); @@ -1053,8 +1051,17 @@ asn1_collect(BUF_MEM *buf, const unsigned char **in, long len, char inf, if (!asn1_collect(buf, &p, plen, ininf, tag, aclass, depth + 1)) return 0; - } else if (plen && !collect_data(buf, &p, plen)) - return 0; + } else if (plen > 0) { + size_t len = buf->length; + + if (!BUF_MEM_grow_clean(buf, len + plen)) { + ASN1error(ERR_R_MALLOC_FAILURE); + return 0; + } + memcpy(buf->data + len, p, plen); + + p += plen; + } len -= p - q; } if (inf) { @@ -1065,22 +1072,6 @@ asn1_collect(BUF_MEM *buf, const unsigned char **in, long len, char inf, return 1; } -static int -collect_data(BUF_MEM *buf, const unsigned char **p, long plen) -{ - int len; - - len = buf->length; - if (!BUF_MEM_grow_clean(buf, len + plen)) { - ASN1error(ERR_R_MALLOC_FAILURE); - return 0; - } - memcpy(buf->data + len, *p, plen); - - *p += plen; - return 1; -} - /* Check for ASN1 EOC and swallow it if found */ static int -- 2.20.1