In asn1_d2i_read_bio, don't assume BIO_read will

return the requested number of bytes when reading
content.

2 files changed, 15 insertions, 5 deletions

diff --git a/CHANGES b/CHANGES
index 2d7c5b5f50..ce2c1264a9 100644
--- a/CHANGES
+++ b/CHANGES
@@ -335,6 +335,11 @@ TODO: bug: pad  x  with leading zeros if necessary
  
  Changes between 0.9.6h and 0.9.7  [XX xxx 2002]
 
+  *) In asn1_d2i_read_bio() repeatedly call BIO_read() until all content
+     octets have been read, EOF or an error occurs. Without this change
+     some truncated ASN1 structures will not produce an error.
+     [Steve Henson]
+
   *) Disable Heimdal support, since it hasn't been fully implemented.
      Still give the possibility to force the use of Heimdal, but with
      warnings and a request that patches get sent to openssl-dev.
diff --git a/crypto/asn1/a_d2i_fp.c b/crypto/asn1/a_d2i_fp.c
index 71b4a28611..cfb56ae265 100644
--- a/crypto/asn1/a_d2i_fp.c
+++ b/crypto/asn1/a_d2i_fp.c
@@ -226,13 +226,18 @@ static int asn1_d2i_read_bio(BIO *in, BUF_MEM **pb)
 					ASN1err(ASN1_F_ASN1_D2I_BIO,ERR_R_MALLOC_FAILURE);
 					goto err;
 					}
-				i=BIO_read(in,&(b->data[len]),want);
-				if (i <= 0)
+				while (want > 0)
 					{
-					ASN1err(ASN1_F_ASN1_D2I_BIO,ASN1_R_NOT_ENOUGH_DATA);
-					goto err;
+					i=BIO_read(in,&(b->data[len]),want);
+					if (i <= 0)
+						{
+						ASN1err(ASN1_F_ASN1_D2I_BIO,
+						    ASN1_R_NOT_ENOUGH_DATA);
+						goto err;
+						}
+					len+=i;
+					want -= i;
 					}
-				len+=i;
 				}
 			off+=(int)c.slen;
 			if (eos <= 0)