diff options
Diffstat (limited to 'src/lib/libcrypto/asn1/a_d2i_fp.c')
| -rw-r--r-- | src/lib/libcrypto/asn1/a_d2i_fp.c | 51 |
1 files changed, 14 insertions, 37 deletions
diff --git a/src/lib/libcrypto/asn1/a_d2i_fp.c b/src/lib/libcrypto/asn1/a_d2i_fp.c index d12890ec15..d85be56568 100644 --- a/src/lib/libcrypto/asn1/a_d2i_fp.c +++ b/src/lib/libcrypto/asn1/a_d2i_fp.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: a_d2i_fp.c,v 1.12 2016/05/03 12:38:53 tedu Exp $ */ | 1 | /* $OpenBSD: a_d2i_fp.c,v 1.13 2016/05/04 14:53:29 tedu Exp $ */ |
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 3 | * All rights reserved. | 3 | * All rights reserved. |
| 4 | * | 4 | * |
| @@ -144,7 +144,6 @@ ASN1_item_d2i_fp(const ASN1_ITEM *it, FILE *in, void *x) | |||
| 144 | } | 144 | } |
| 145 | 145 | ||
| 146 | #define HEADER_SIZE 8 | 146 | #define HEADER_SIZE 8 |
| 147 | #define ASN1_CHUNK_INITIAL_SIZE (16 * 1024) | ||
| 148 | static int | 147 | static int |
| 149 | asn1_d2i_read_bio(BIO *in, BUF_MEM **pb) | 148 | asn1_d2i_read_bio(BIO *in, BUF_MEM **pb) |
| 150 | { | 149 | { |
| @@ -168,22 +167,18 @@ asn1_d2i_read_bio(BIO *in, BUF_MEM **pb) | |||
| 168 | if (want >= (len - off)) { | 167 | if (want >= (len - off)) { |
| 169 | want -= (len - off); | 168 | want -= (len - off); |
| 170 | 169 | ||
| 171 | if (len + want < len || | 170 | if (len + want < len || !BUF_MEM_grow_clean(b, len + want)) { |
| 172 | !BUF_MEM_grow_clean(b, len + want)) { | 171 | ASN1err(ASN1_F_ASN1_D2I_READ_BIO, ERR_R_MALLOC_FAILURE); |
| 173 | ASN1err(ASN1_F_ASN1_D2I_READ_BIO, | ||
| 174 | ERR_R_MALLOC_FAILURE); | ||
| 175 | goto err; | 172 | goto err; |
| 176 | } | 173 | } |
| 177 | i = BIO_read(in, &(b->data[len]), want); | 174 | i = BIO_read(in, &(b->data[len]), want); |
| 178 | if ((i < 0) && ((len - off) == 0)) { | 175 | if ((i < 0) && ((len - off) == 0)) { |
| 179 | ASN1err(ASN1_F_ASN1_D2I_READ_BIO, | 176 | ASN1err(ASN1_F_ASN1_D2I_READ_BIO, ASN1_R_NOT_ENOUGH_DATA); |
| 180 | ASN1_R_NOT_ENOUGH_DATA); | ||
| 181 | goto err; | 177 | goto err; |
| 182 | } | 178 | } |
| 183 | if (i > 0) { | 179 | if (i > 0) { |
| 184 | if (len + i < len) { | 180 | if (len + i < len) { |
| 185 | ASN1err(ASN1_F_ASN1_D2I_READ_BIO, | 181 | ASN1err(ASN1_F_ASN1_D2I_READ_BIO, ASN1_R_TOO_LONG); |
| 186 | ASN1_R_TOO_LONG); | ||
| 187 | goto err; | 182 | goto err; |
| 188 | } | 183 | } |
| 189 | len += i; | 184 | len += i; |
| @@ -211,8 +206,7 @@ asn1_d2i_read_bio(BIO *in, BUF_MEM **pb) | |||
| 211 | /* no data body so go round again */ | 206 | /* no data body so go round again */ |
| 212 | eos++; | 207 | eos++; |
| 213 | if (eos < 0) { | 208 | if (eos < 0) { |
| 214 | ASN1err(ASN1_F_ASN1_D2I_READ_BIO, | 209 | ASN1err(ASN1_F_ASN1_D2I_READ_BIO, ASN1_R_HEADER_TOO_LONG); |
| 215 | ASN1_R_HEADER_TOO_LONG); | ||
| 216 | goto err; | 210 | goto err; |
| 217 | } | 211 | } |
| 218 | want = HEADER_SIZE; | 212 | want = HEADER_SIZE; |
| @@ -227,45 +221,28 @@ asn1_d2i_read_bio(BIO *in, BUF_MEM **pb) | |||
| 227 | /* suck in c.slen bytes of data */ | 221 | /* suck in c.slen bytes of data */ |
| 228 | want = c.slen; | 222 | want = c.slen; |
| 229 | if (want > (len - off)) { | 223 | if (want > (len - off)) { |
| 230 | size_t chunk_max = ASN1_CHUNK_INITIAL_SIZE; | ||
| 231 | |||
| 232 | want -= (len - off); | 224 | want -= (len - off); |
| 233 | if (want > INT_MAX /* BIO_read takes an int length */ || | 225 | if (want > INT_MAX /* BIO_read takes an int length */ || |
| 234 | len+want < len) { | 226 | len+want < len) { |
| 235 | ASN1err(ASN1_F_ASN1_D2I_READ_BIO, | 227 | ASN1err(ASN1_F_ASN1_D2I_READ_BIO, ASN1_R_TOO_LONG); |
| 236 | ASN1_R_TOO_LONG); | ||
| 237 | goto err; | 228 | goto err; |
| 238 | } | 229 | } |
| 239 | /* | 230 | if (!BUF_MEM_grow_clean(b, len + want)) { |
| 240 | * Read content in chunks of increasing size | 231 | ASN1err(ASN1_F_ASN1_D2I_READ_BIO, ERR_R_MALLOC_FAILURE); |
| 241 | * so we can return an error for EOF without | ||
| 242 | * having to allocate the entire content length | ||
| 243 | * in one go. | ||
| 244 | */ | ||
| 245 | size_t chunk = want > chunk_max ? chunk_max : want; | ||
| 246 | |||
| 247 | if (!BUF_MEM_grow_clean(b, len + chunk)) { | ||
| 248 | ASN1err(ASN1_F_ASN1_D2I_READ_BIO, | ||
| 249 | ERR_R_MALLOC_FAILURE); | ||
| 250 | goto err; | 232 | goto err; |
| 251 | } | 233 | } |
| 252 | want -= chunk; | 234 | while (want > 0) { |
| 253 | while (chunk > 0) { | 235 | i = BIO_read(in, &(b->data[len]), want); |
| 254 | i = BIO_read(in, &(b->data[len]), chunk); | ||
| 255 | if (i <= 0) { | 236 | if (i <= 0) { |
| 256 | ASN1err(ASN1_F_ASN1_D2I_READ_BIO, | 237 | ASN1err(ASN1_F_ASN1_D2I_READ_BIO, |
| 257 | ASN1_R_NOT_ENOUGH_DATA); | 238 | ASN1_R_NOT_ENOUGH_DATA); |
| 258 | goto err; | 239 | goto err; |
| 259 | } | 240 | } |
| 260 | /* | 241 | /* This can't overflow because |
| 261 | * This can't overflow because |len+want| | 242 | * |len+want| didn't overflow. */ |
| 262 | * didn't overflow. | ||
| 263 | */ | ||
| 264 | len += i; | 243 | len += i; |
| 265 | chunk -= i; | 244 | want -= i; |
| 266 | } | 245 | } |
| 267 | if (chunk_max < INT_MAX/2) | ||
| 268 | chunk_max *= 2; | ||
| 269 | } | 246 | } |
| 270 | if (off + c.slen < off) { | 247 | if (off + c.slen < off) { |
| 271 | ASN1err(ASN1_F_ASN1_D2I_READ_BIO, ASN1_R_TOO_LONG); | 248 | ASN1err(ASN1_F_ASN1_D2I_READ_BIO, ASN1_R_TOO_LONG); |