diff options
author | Brian Carlstrom <bdc@google.com> | 2010-11-16 11:19:35 -0800 |
---|---|---|
committer | Brian Carlstrom <bdc@google.com> | 2010-11-16 11:21:11 -0800 |
commit | 43c12e3d4f9bbbbd4a8ba7b149686437514bc6b6 (patch) | |
tree | 520464b8c2f2e19d00e6ea143c6e1e9523b3367a /crypto/ocsp | |
parent | 8be882eb81101ceede7641e88ccbdaded610ff5f (diff) | |
download | replicant_openssl-43c12e3d4f9bbbbd4a8ba7b149686437514bc6b6.zip replicant_openssl-43c12e3d4f9bbbbd4a8ba7b149686437514bc6b6.tar.gz replicant_openssl-43c12e3d4f9bbbbd4a8ba7b149686437514bc6b6.tar.bz2 |
Upgrade to openssl-1.0.0b
Bug: 3201137
Change-Id: I20cd6bed7717e5982abc3734e9a6522067f2908e
Diffstat (limited to 'crypto/ocsp')
-rw-r--r-- | crypto/ocsp/ocsp_ht.c | 12 | ||||
-rw-r--r-- | crypto/ocsp/ocsp_prn.c | 2 |
2 files changed, 9 insertions, 5 deletions
diff --git a/crypto/ocsp/ocsp_ht.c b/crypto/ocsp/ocsp_ht.c index 12bbfcf..af5fc16 100644 --- a/crypto/ocsp/ocsp_ht.c +++ b/crypto/ocsp/ocsp_ht.c @@ -397,11 +397,12 @@ int OCSP_sendreq_nbio(OCSP_RESPONSE **presp, OCSP_REQ_CTX *rctx) case OHS_ASN1_HEADER: - /* Now reading ASN1 header: can read at least 6 bytes which - * is more than enough for any valid ASN1 SEQUENCE header + /* Now reading ASN1 header: can read at least 2 bytes which + * is enough for ASN1 SEQUENCE header and either length field + * or at least the length of the length field. */ n = BIO_get_mem_data(rctx->mem, &p); - if (n < 6) + if (n < 2) goto next_io; /* Check it is an ASN1 SEQUENCE */ @@ -414,6 +415,11 @@ int OCSP_sendreq_nbio(OCSP_RESPONSE **presp, OCSP_REQ_CTX *rctx) /* Check out length field */ if (*p & 0x80) { + /* If MSB set on initial length octet we can now + * always read 6 octets: make sure we have them. + */ + if (n < 6) + goto next_io; n = *p & 0x7F; /* Not NDEF or excessive length */ if (!n || (n > 4)) diff --git a/crypto/ocsp/ocsp_prn.c b/crypto/ocsp/ocsp_prn.c index 1695c9c..87608ff 100644 --- a/crypto/ocsp/ocsp_prn.c +++ b/crypto/ocsp/ocsp_prn.c @@ -182,7 +182,6 @@ int OCSP_RESPONSE_print(BIO *bp, OCSP_RESPONSE* o, unsigned long flags) { int i, ret = 0; long l; - unsigned char *p; OCSP_CERTID *cid = NULL; OCSP_BASICRESP *br = NULL; OCSP_RESPID *rid = NULL; @@ -207,7 +206,6 @@ int OCSP_RESPONSE_print(BIO *bp, OCSP_RESPONSE* o, unsigned long flags) return 1; } - p = ASN1_STRING_data(rb->response); i = ASN1_STRING_length(rb->response); if (!(br = OCSP_response_get1_basic(o))) goto err; rd = br->tbsResponseData; |