openssl-1.0.0e: resolve conflicts

author: djm <> 2011-11-03 02:34:33 +0000
committer: djm <> 2011-11-03 02:34:33 +0000
commit: 6d0fb3b3bc3c11f7d4831f061e59a06f29d0ec8e (patch)
tree: a8fc08e33aecdd21cb07aa47c8a3a9db715f2ef3 /src/lib/libcrypto/ocsp
parent: 509e4c3041a1e04b41603ac8dd4dbc72152b416e (diff)
download: openbsd-6d0fb3b3bc3c11f7d4831f061e59a06f29d0ec8e.tar.gz
openbsd-6d0fb3b3bc3c11f7d4831f061e59a06f29d0ec8e.tar.bz2
openbsd-6d0fb3b3bc3c11f7d4831f061e59a06f29d0ec8e.zip
3 files changed, 13 insertions, 9 deletions
diff --git a/src/lib/libcrypto/ocsp/ocsp_ht.c b/src/lib/libcrypto/ocsp/ocsp_ht.c
index 12bbfcffd1..af5fc16691 100644
--- a/src/lib/libcrypto/ocsp/ocsp_ht.c
+++ b/src/lib/libcrypto/ocsp/ocsp_ht.c
@@ -397,11 +397,12 @@ int OCSP_sendreq_nbio(OCSP_RESPONSE **presp, OCSP_REQ_CTX *rctx)
                case OHS_ASN1_HEADER:
-                /* Now reading ASN1 header: can read at least 6 bytes which
+                /* Now reading ASN1 header: can read at least 2 bytes which
-                 * is more than enough for any valid ASN1 SEQUENCE header
+                 * is enough for ASN1 SEQUENCE header and either length field
+                 * or at least the length of the length field.
                 */
                n = BIO_get_mem_data(rctx->mem, &p);
-                if (n < 6)
+                if (n < 2)
                        goto next_io;
                /* Check it is an ASN1 SEQUENCE */
@@ -414,6 +415,11 @@ int OCSP_sendreq_nbio(OCSP_RESPONSE **presp, OCSP_REQ_CTX *rctx)
                /* Check out length field */
                if (*p & 0x80)
                        {
+                        /* If MSB set on initial length octet we can now
+                         * always read 6 octets: make sure we have them.
+                         */
+                        if (n < 6)
+                                goto next_io;
                        n = *p & 0x7F;
                        /* Not NDEF or excessive length */
                        if (!n || (n > 4))
diff --git a/src/lib/libcrypto/ocsp/ocsp_lib.c b/src/lib/libcrypto/ocsp/ocsp_lib.c
index 36905d76cd..e92b86c060 100644
--- a/src/lib/libcrypto/ocsp/ocsp_lib.c
+++ b/src/lib/libcrypto/ocsp/ocsp_lib.c
@@ -170,14 +170,14 @@ int OCSP_parse_url(char *url, char **phost, char **pport, char **ppath, int *pss
        char *host, *port;
-        /* dup the buffer since we are going to mess with it */
-        buf = BUF_strdup(url);
-        if (!buf) goto mem_err;
        *phost = NULL;
        *pport = NULL;
        *ppath = NULL;
+        /* dup the buffer since we are going to mess with it */
+        buf = BUF_strdup(url);
+        if (!buf) goto mem_err;
        /* Check for initial colon */
        p = strchr(buf, ':');
diff --git a/src/lib/libcrypto/ocsp/ocsp_prn.c b/src/lib/libcrypto/ocsp/ocsp_prn.c
index 1695c9c4ad..87608ff399 100644
--- a/src/lib/libcrypto/ocsp/ocsp_prn.c
+++ b/src/lib/libcrypto/ocsp/ocsp_prn.c
@@ -182,7 +182,6 @@ int OCSP_RESPONSE_print(BIO *bp, OCSP_RESPONSE* o, unsigned long flags)
        {
        int i, ret = 0;
        long l;
-        unsigned char *p;
        OCSP_CERTID *cid = NULL;
        OCSP_BASICRESP *br = NULL;
        OCSP_RESPID *rid = NULL;
@@ -207,7 +206,6 @@ int OCSP_RESPONSE_print(BIO *bp, OCSP_RESPONSE* o, unsigned long flags)
                return 1;
                }
-        p = ASN1_STRING_data(rb->response);
        i = ASN1_STRING_length(rb->response);
        if (!(br = OCSP_response_get1_basic(o))) goto err;
        rd = br->tbsResponseData;
author	djm <>	2011-11-03 02:34:33 +0000
committer	djm <>	2011-11-03 02:34:33 +0000
commit	6d0fb3b3bc3c11f7d4831f061e59a06f29d0ec8e (patch)
tree	a8fc08e33aecdd21cb07aa47c8a3a9db715f2ef3 /src/lib/libcrypto/ocsp
parent	509e4c3041a1e04b41603ac8dd4dbc72152b416e (diff)
download	openbsd-6d0fb3b3bc3c11f7d4831f061e59a06f29d0ec8e.tar.gz openbsd-6d0fb3b3bc3c11f7d4831f061e59a06f29d0ec8e.tar.bz2 openbsd-6d0fb3b3bc3c11f7d4831f061e59a06f29d0ec8e.zip