path: root/src/lib/libssl/ssl_packet.c
author jsing <> 2017-09-25 18:02:27 +0000
committer jsing <> 2017-09-25 18:02:27 +0000
commit f54ad548bde724826978bddf2ca35ee99e62f3aa (patch)
tree 42d6703c344d9eccc786a01354471588f9f39675 /src/lib/libssl/ssl_packet.c
parent 262ac3c2783343b86e656bc94f50df32a353cd11 (diff)
Fix various issues in the OCSP extension parsing code:

- When parsing the OCSP extension we can have multiple responder IDs - pull these out correctly.
- Stop using CBS_stow() - it's unnecessary since we just need access to the data and length (which we can get via CBS_data() and CBS_len()).
- Use a temporary pointer when calling d2i_*() functions, since it will increment the pointer by the number of bytes it consumed when decoding.

The original code incorrectly passes the pointer allocated via CBS_stow() (using malloc()) to a d2i_*() function and then calls free() on the now incremented pointer, most likely resulting in a crash.

This issue was reported by Robert Swiecki who found the issue using honggfuzz.

ok beck@

Diffstat (limited to 'src/lib/libssl/ssl_packet.c')
0 files changed, 0 insertions, 0 deletions
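
The temporary-pointer pattern described in the commit message above, as an added example that is not part of the commit or of LibreSSL's code. `toy_d2i()` is a hypothetical stand-in for a d2i_*() decoder using a constructed one-byte length-prefixed format, and the sample bytes are constructed.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for a d2i_*() decoder (not a libcrypto function):
 * decodes one item with a 1-byte length prefix and, like d2i_*(), advances
 * *pp past the bytes it consumed. Returns item length, -1 if truncated. */
static long toy_d2i(const unsigned char **pp, long len)
{
    if (len < 1 || (long)(*pp)[0] > len - 1)
        return -1;
    long n = (*pp)[0];
    *pp += 1 + n;
    return n;
}

/* Decode every item in a buffer the caller owns. Only the temporary cursor
 * p is handed to the decoder, so buf keeps the address the allocator
 * returned. Returns the item count, or -1 on malformed input. */
static int count_items(const unsigned char *buf, size_t len)
{
    const unsigned char *p = buf, *end = buf + len;
    int count = 0;
    while (p < end) {
        if (toy_d2i(&p, (long)(end - p)) < 0)
            return -1;
        count++;
    }
    return count;
}

/* Constructed sample: two items, "ab" and "xyz". */
static const unsigned char sample[] = { 2, 'a', 'b', 3, 'x', 'y', 'z' };

/* Returns how far a pointer moves after one decode: the offset by which
 * free() would be wrong if the malloc()ed pointer itself had been passed. */
static long drift_after_one_decode(void)
{
    unsigned char *owned = malloc(sizeof(sample));
    if (owned == NULL)
        return -1;
    memcpy(owned, sample, sizeof(sample));
    const unsigned char *p = owned;      /* temporary pointer */
    toy_d2i(&p, (long)sizeof(sample));
    long drift = (long)(p - owned);
    free(owned);                         /* owned was never modified */
    return drift;
}

int main(void)
{
    printf("items=%d drift=%ld\n", count_items(sample, sizeof(sample)),
        drift_after_one_decode());
    return 0;
}
```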