summaryrefslogtreecommitdiff
path: root/src/lib/libcrypto/ocsp
diff options
context:
space:
mode:
Diffstat (limited to 'src/lib/libcrypto/ocsp')
-rw-r--r--src/lib/libcrypto/ocsp/ocsp_ht.c12
-rw-r--r--src/lib/libcrypto/ocsp/ocsp_lib.c8
-rw-r--r--src/lib/libcrypto/ocsp/ocsp_prn.c2
3 files changed, 13 insertions, 9 deletions
diff --git a/src/lib/libcrypto/ocsp/ocsp_ht.c b/src/lib/libcrypto/ocsp/ocsp_ht.c
index 12bbfcffd1..af5fc16691 100644
--- a/src/lib/libcrypto/ocsp/ocsp_ht.c
+++ b/src/lib/libcrypto/ocsp/ocsp_ht.c
@@ -397,11 +397,12 @@ int OCSP_sendreq_nbio(OCSP_RESPONSE **presp, OCSP_REQ_CTX *rctx)
397 397
398 398
399 case OHS_ASN1_HEADER: 399 case OHS_ASN1_HEADER:
400 /* Now reading ASN1 header: can read at least 6 bytes which 400 /* Now reading ASN1 header: can read at least 2 bytes which
401 * is more than enough for any valid ASN1 SEQUENCE header 401 * is enough for ASN1 SEQUENCE header and either length field
402 * or at least the length of the length field.
402 */ 403 */
403 n = BIO_get_mem_data(rctx->mem, &p); 404 n = BIO_get_mem_data(rctx->mem, &p);
404 if (n < 6) 405 if (n < 2)
405 goto next_io; 406 goto next_io;
406 407
407 /* Check it is an ASN1 SEQUENCE */ 408 /* Check it is an ASN1 SEQUENCE */
@@ -414,6 +415,11 @@ int OCSP_sendreq_nbio(OCSP_RESPONSE **presp, OCSP_REQ_CTX *rctx)
414 /* Check out length field */ 415 /* Check out length field */
415 if (*p & 0x80) 416 if (*p & 0x80)
416 { 417 {
418 /* If MSB set on initial length octet we can now
419 * always read 6 octets: make sure we have them.
420 */
421 if (n < 6)
422 goto next_io;
417 n = *p & 0x7F; 423 n = *p & 0x7F;
418 /* Not NDEF or excessive length */ 424 /* Not NDEF or excessive length */
419 if (!n || (n > 4)) 425 if (!n || (n > 4))
diff --git a/src/lib/libcrypto/ocsp/ocsp_lib.c b/src/lib/libcrypto/ocsp/ocsp_lib.c
index 36905d76cd..e92b86c060 100644
--- a/src/lib/libcrypto/ocsp/ocsp_lib.c
+++ b/src/lib/libcrypto/ocsp/ocsp_lib.c
@@ -170,14 +170,14 @@ int OCSP_parse_url(char *url, char **phost, char **pport, char **ppath, int *pss
170 170
171 char *host, *port; 171 char *host, *port;
172 172
173 /* dup the buffer since we are going to mess with it */
174 buf = BUF_strdup(url);
175 if (!buf) goto mem_err;
176
177 *phost = NULL; 173 *phost = NULL;
178 *pport = NULL; 174 *pport = NULL;
179 *ppath = NULL; 175 *ppath = NULL;
180 176
177 /* dup the buffer since we are going to mess with it */
178 buf = BUF_strdup(url);
179 if (!buf) goto mem_err;
180
181 /* Check for initial colon */ 181 /* Check for initial colon */
182 p = strchr(buf, ':'); 182 p = strchr(buf, ':');
183 183
diff --git a/src/lib/libcrypto/ocsp/ocsp_prn.c b/src/lib/libcrypto/ocsp/ocsp_prn.c
index 1695c9c4ad..87608ff399 100644
--- a/src/lib/libcrypto/ocsp/ocsp_prn.c
+++ b/src/lib/libcrypto/ocsp/ocsp_prn.c
@@ -182,7 +182,6 @@ int OCSP_RESPONSE_print(BIO *bp, OCSP_RESPONSE* o, unsigned long flags)
182 { 182 {
183 int i, ret = 0; 183 int i, ret = 0;
184 long l; 184 long l;
185 unsigned char *p;
186 OCSP_CERTID *cid = NULL; 185 OCSP_CERTID *cid = NULL;
187 OCSP_BASICRESP *br = NULL; 186 OCSP_BASICRESP *br = NULL;
188 OCSP_RESPID *rid = NULL; 187 OCSP_RESPID *rid = NULL;
@@ -207,7 +206,6 @@ int OCSP_RESPONSE_print(BIO *bp, OCSP_RESPONSE* o, unsigned long flags)
207 return 1; 206 return 1;
208 } 207 }
209 208
210 p = ASN1_STRING_data(rb->response);
211 i = ASN1_STRING_length(rb->response); 209 i = ASN1_STRING_length(rb->response);
212 if (!(br = OCSP_response_get1_basic(o))) goto err; 210 if (!(br = OCSP_response_get1_basic(o))) goto err;
213 rd = br->tbsResponseData; 211 rd = br->tbsResponseData;
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-04-26 14:41:37 +0000