Fix DER reading from stdin for BIO_f_readbuffer

Fixes #14559 The intitial implementation of the gets() function tried using the next bio's gets() function. For a file BIO this returned incorrect data for binary data containing 0x00. Just buffering all data during gets() did not work however since some applications open and close the bio multiple times when dealing with pem files containing multiple entries.. This does not work when reading from stdin unless the data if buffered one byte at a time. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14599)
author: Shane Lontis <shane.lontis@oracle.com> 2021-03-18 15:00:23 +1000
committer: Shane Lontis <shane.lontis@oracle.com> 2021-03-22 09:07:36 +1000
commit: 251c48183b4d8934716ac1e5e66e2a10b81373fe (patch)
tree: a71ce4fd91efef5ab238abee50b2aa0792c714ac /crypto/bio/bf_readbuff.c
parent: 6e34a1048ce4871371eac224b995c3b4338f6166 (diff)
1 files changed, 56 insertions, 36 deletions
diff --git a/crypto/bio/bf_readbuff.c b/crypto/bio/bf_readbuff.c
index 673d592ec0..135ccef83b 100644
--- a/crypto/bio/bf_readbuff.c
+++ b/crypto/bio/bf_readbuff.c
@@ -57,7 +57,7 @@ static int readbuffer_new(BIO *bi)
     if (ctx == NULL)
         return 0;
     ctx->ibuf_size = DEFAULT_BUFFER_SIZE;
-    ctx->ibuf = OPENSSL_malloc(DEFAULT_BUFFER_SIZE);
+    ctx->ibuf = OPENSSL_zalloc(DEFAULT_BUFFER_SIZE);
     if (ctx->ibuf == NULL) {
         OPENSSL_free(ctx);
         return 0;
@@ -220,6 +220,7 @@ static int readbuffer_gets(BIO *b, char *buf, int size)
     BIO_F_BUFFER_CTX *ctx;
     int num = 0, num_chars, found_newline;
     char *p;
+    int i, j;
 
     if (size == 0)
         return 0;
@@ -227,42 +228,61 @@ static int readbuffer_gets(BIO *b, char *buf, int size)
     ctx = (BIO_F_BUFFER_CTX *)b->ptr;
     BIO_clear_retry_flags(b);
 
-    for (;;) {
-        if (ctx->ibuf_len > 0) {
-            p = &(ctx->ibuf[ctx->ibuf_off]);
-            found_newline = 0;
-            for (num_chars = 0;
-                 (num_chars < ctx->ibuf_len) && (num_chars < size);
-                 num_chars++) {
-                *(buf++) = p[num_chars];
-                if (p[num_chars] == '\n') {
-                    found_newline = 1;
-                    num_chars++;
-                    break;
-                }
-            }
-            num += num_chars;
-            size -= num_chars;
-            ctx->ibuf_len -= num_chars;
-            ctx->ibuf_off += num_chars;
-            if (found_newline || size == 0) {
-                *buf = '\0';
-                return num;
-            }
-        } else {
-            /* read another line and resize if we have to */
-            if (!readbuffer_resize(ctx, size))
-                return 0;
-
-            /* Read another line from the next bio using BIO_gets */
-            num_chars = BIO_gets(b->next_bio, ctx->ibuf + ctx->ibuf_off,
-                                 1 + size);
-            if (num_chars <= 0) {
-                BIO_copy_next_retry(b);
-                *buf = '\0';
-                return num > 0 ? num : num_chars;
+    /* If data is already buffered then use this first */
+    if (ctx->ibuf_len > 0) {
+        p = ctx->ibuf + ctx->ibuf_off;
+        found_newline = 0;
+        for (num_chars = 0;
+             (num_chars < ctx->ibuf_len) && (num_chars < size);
+             num_chars++) {
+            *buf++ = p[num_chars];
+            if (p[num_chars] == '\n') {
+                found_newline = 1;
+                num_chars++;
+                break;
             }
-            ctx->ibuf_len = num_chars;
+        }
+        num += num_chars;
+        size -= num_chars;
+        ctx->ibuf_len -= num_chars;
+        ctx->ibuf_off += num_chars;
+        if (found_newline || size == 0) {
+            *buf = '\0';
+            return num;
         }
     }
+    /*
+     * If there is no buffered data left then read any remaining data from the
+     * next bio.
+     */
+
+     /* Resize if we have to */
+     if (!readbuffer_resize(ctx, 1 + size))
+         return 0;
+     /*
+      * Read more data from the next bio using BIO_read_ex:
+      * Note we cannot use BIO_gets() here as it does not work on a
+      * binary stream that contains 0x00. (Since strlen() will stop at
+      * any 0x00 not at the last read '\n' in a FILE bio).
+      * Also note that some applications open and close the file bio
+      * multiple times and need to read the next available block when using
+      * stdin - so we need to READ one byte at a time!
+      */
+     p = ctx->ibuf + ctx->ibuf_off;
+     for (i = 0; i < size; ++i) {
+         j = BIO_read(b->next_bio, p, 1);
+         if (j <= 0) {
+             BIO_copy_next_retry(b);
+             *buf = '\0';
+             return num > 0 ? num : j;
+         }
+         *buf++ = *p;
+         num++;
+         ctx->ibuf_off++;
+         if (*p == '\n')
+             break;
+         ++p;
+     }
+     *buf = '\0';
+     return num;
 }
author	Shane Lontis <shane.lontis@oracle.com>	2021-03-18 15:00:23 +1000
committer	Shane Lontis <shane.lontis@oracle.com>	2021-03-22 09:07:36 +1000
commit	251c48183b4d8934716ac1e5e66e2a10b81373fe (patch)
tree	a71ce4fd91efef5ab238abee50b2aa0792c714ac /crypto/bio/bf_readbuff.c
parent	6e34a1048ce4871371eac224b995c3b4338f6166 (diff)