Ensure we check i2d_X509 return val

The i2d_X509() function can return a negative value on error. Therefore we should make sure we check it. Issue reported by Yuan Jochen Kang. Reviewed-by: Emilia Käsper <emilia@openssl.org> (cherry picked from commit 446ba8de9af9aa4fa3debc7c76a38f4efed47a62)
author: Matt Caswell <matt@openssl.org> 2016-04-25 16:05:55 +0100
committer: Matt Caswell <matt@openssl.org> 2016-04-26 14:32:45 +0100
commit: 8f43c80bfac15544820739bf035df946eeb603e8 (patch)
tree: 2f9056518d7e48e380c8cc2f2f477ab259bec7c6 /crypto/asn1
parent: 0ca67644ddedfd656d43a6639d89a6236ff64652 (diff)
1 files changed, 12 insertions, 3 deletions
diff --git a/crypto/asn1/x_x509.c b/crypto/asn1/x_x509.c
index e2cac83694..ccdf6dfe13 100644
--- a/crypto/asn1/x_x509.c
+++ b/crypto/asn1/x_x509.c
@@ -201,10 +201,19 @@ X509 *d2i_X509_AUX(X509 **a, const unsigned char **pp, long length)
 
 int i2d_X509_AUX(X509 *a, unsigned char **pp)
 {
-    int length;
+    int length, tmplen;
+    unsigned char *start = *pp;
     length = i2d_X509(a, pp);
-    if (a)
-        length += i2d_X509_CERT_AUX(a->aux, pp);
+    if (length < 0 || a == NULL)
+        return length;
+
+    tmplen = i2d_X509_CERT_AUX(a->aux, pp);
+    if (tmplen < 0) {
+        *pp = start;
+        return tmplen;
+    }
+    length += tmplen;
+
     return length;
 }
author	Matt Caswell <matt@openssl.org>	2016-04-25 16:05:55 +0100
committer	Matt Caswell <matt@openssl.org>	2016-04-26 14:32:45 +0100
commit	8f43c80bfac15544820739bf035df946eeb603e8 (patch)
tree	2f9056518d7e48e380c8cc2f2f477ab259bec7c6 /crypto/asn1
parent	0ca67644ddedfd656d43a6639d89a6236ff64652 (diff)