diff options
Diffstat (limited to 'src/lib/libcrypto/ocsp/ocsp_ht.c')
| -rw-r--r-- | src/lib/libcrypto/ocsp/ocsp_ht.c | 12 |
1 files changed, 9 insertions, 3 deletions
diff --git a/src/lib/libcrypto/ocsp/ocsp_ht.c b/src/lib/libcrypto/ocsp/ocsp_ht.c index 12bbfcffd1..af5fc16691 100644 --- a/src/lib/libcrypto/ocsp/ocsp_ht.c +++ b/src/lib/libcrypto/ocsp/ocsp_ht.c | |||
| @@ -397,11 +397,12 @@ int OCSP_sendreq_nbio(OCSP_RESPONSE **presp, OCSP_REQ_CTX *rctx) | |||
| 397 | 397 | ||
| 398 | 398 | ||
| 399 | case OHS_ASN1_HEADER: | 399 | case OHS_ASN1_HEADER: |
| 400 | /* Now reading ASN1 header: can read at least 6 bytes which | 400 | /* Now reading ASN1 header: can read at least 2 bytes which |
| 401 | * is more than enough for any valid ASN1 SEQUENCE header | 401 | * is enough for ASN1 SEQUENCE header and either length field |
| 402 | * or at least the length of the length field. | ||
| 402 | */ | 403 | */ |
| 403 | n = BIO_get_mem_data(rctx->mem, &p); | 404 | n = BIO_get_mem_data(rctx->mem, &p); |
| 404 | if (n < 6) | 405 | if (n < 2) |
| 405 | goto next_io; | 406 | goto next_io; |
| 406 | 407 | ||
| 407 | /* Check it is an ASN1 SEQUENCE */ | 408 | /* Check it is an ASN1 SEQUENCE */ |
| @@ -414,6 +415,11 @@ int OCSP_sendreq_nbio(OCSP_RESPONSE **presp, OCSP_REQ_CTX *rctx) | |||
| 414 | /* Check out length field */ | 415 | /* Check out length field */ |
| 415 | if (*p & 0x80) | 416 | if (*p & 0x80) |
| 416 | { | 417 | { |
| 418 | /* If MSB set on initial length octet we can now | ||
| 419 | * always read 6 octets: make sure we have them. | ||
| 420 | */ | ||
| 421 | if (n < 6) | ||
| 422 | goto next_io; | ||
| 417 | n = *p & 0x7F; | 423 | n = *p & 0x7F; |
| 418 | /* Not NDEF or excessive length */ | 424 | /* Not NDEF or excessive length */ |
| 419 | if (!n || (n > 4)) | 425 | if (!n || (n > 4)) |