d2i: don't update input pointer on failure

(Imported from upstream's 728bcd59d3d41e152aead0d15acc51a8958536d3.)

Actually this one was reported by us, but the commit message doesn't
mention this.

This is slightly modified from upstream's version to fix some problems
noticed in import. Specifically one of d2i_X509_AUX's success paths is
bust and d2i_PrivateKey still updates on one error path. Resolve the
latter by changing both it and d2i_AutoPrivateKey to explicitly hit the
error path on ret == NULL. This lets us remove the NULL check in
d2i_AutoPrivateKey.

We'll want to report the problems back upstream.

Change-Id: Ifcfc965ca6d5ec0a08ac154854bd351cafbaba25
Reviewed-on: https://boringssl-review.googlesource.com/5948
Reviewed-by: Adam Langley <agl@google.com>

1 files changed, 7 insertions, 8 deletions

diff --git a/crypto/x509/x_x509.c b/crypto/x509/x_x509.c
index c975dd35..b8f318a0 100644
--- a/crypto/x509/x_x509.c
+++ b/crypto/x509/x_x509.c
@@ -178,22 +178,21 @@ void *X509_get_ex_data(X509 *r, int idx)
 
 X509 *d2i_X509_AUX(X509 **a, const unsigned char **pp, long length)
 {
-	const unsigned char *q;
+	const unsigned char *q = *pp;
 	X509 *ret;
 	int freeret = 0;
 
-	/* Save start position */
-	q = *pp;
-
 	if (!a || *a == NULL)
 		freeret = 1;
-	ret = d2i_X509(a, pp, length);
+	ret = d2i_X509(a, &q, length);
 	/* If certificate unreadable then forget it */
 	if(!ret) return NULL;
 	/* update length */
-	length -= *pp - q;
-	if(!length) return ret;
-	if(!d2i_X509_CERT_AUX(&ret->aux, pp, length)) goto err;
+	length -= q - *pp;
+	/* Parse auxiliary information if there is any. */
+	if (length > 0 && !d2i_X509_CERT_AUX(&ret->aux, &q, length))
+		goto err;
+	*pp = q;
 	return ret;
 	err:
 	if (freeret)