diff options
author | Dr. Stephen Henson <steve@openssl.org> | 2010-10-06 18:00:59 +0000 |
---|---|---|
committer | Dr. Stephen Henson <steve@openssl.org> | 2010-10-06 18:00:59 +0000 |
commit | 983768997e28c908fbcb7b827f9f4e4721e74a65 (patch) | |
tree | 54dd0ae3e95032d0feefac85be15f25d2d6f2e93 /crypto/ocsp | |
parent | 8ec3fa0597224abf3bdcb59da0f02f3100f75459 (diff) |
We can't always read 6 bytes in an OCSP response: fix so error statuses
are read correctly for non-blocking I/O.
Diffstat (limited to 'crypto/ocsp')
-rw-r--r-- | crypto/ocsp/ocsp_ht.c | 12 |
1 files changed, 9 insertions, 3 deletions
diff --git a/crypto/ocsp/ocsp_ht.c b/crypto/ocsp/ocsp_ht.c index 12bbfcffd1..af5fc16691 100644 --- a/crypto/ocsp/ocsp_ht.c +++ b/crypto/ocsp/ocsp_ht.c @@ -397,11 +397,12 @@ int OCSP_sendreq_nbio(OCSP_RESPONSE **presp, OCSP_REQ_CTX *rctx) case OHS_ASN1_HEADER: - /* Now reading ASN1 header: can read at least 6 bytes which - * is more than enough for any valid ASN1 SEQUENCE header + /* Now reading ASN1 header: can read at least 2 bytes which + * is enough for ASN1 SEQUENCE header and either length field + * or at least the length of the length field. */ n = BIO_get_mem_data(rctx->mem, &p); - if (n < 6) + if (n < 2) goto next_io; /* Check it is an ASN1 SEQUENCE */ @@ -414,6 +415,11 @@ int OCSP_sendreq_nbio(OCSP_RESPONSE **presp, OCSP_REQ_CTX *rctx) /* Check out length field */ if (*p & 0x80) { + /* If MSB set on initial length octet we can now + * always read 6 octets: make sure we have them. + */ + if (n < 6) + goto next_io; n = *p & 0x7F; /* Not NDEF or excessive length */ if (!n || (n > 4)) |