Ensure we check i2d_X509 return val

The i2d_X509() function can return a negative value on error. Therefore we should make sure we check it. Issue reported by Yuan Jochen Kang. (Imported from upstream's 8f43c80bfac15544820739bf035df946eeb603e8) Change-Id: If247d5bf1d792eb7c6dc179b606ed21ea0ccdbb8 Reviewed-on: https://boringssl-review.googlesource.com/7743 Reviewed-by: David Benjamin <davidben@google.com>
author: Steven Valdez <svaldez@google.com> 2016-04-26 19:57:22 +0300
committer: David Benjamin <davidben@google.com> 2016-04-26 20:12:01 +0300
commit: b32a9151da35c12136299a3bf4e21c8c77d13866 (patch)
tree: 329df3e8f99da577a93df81e495e46aa649c681c /crypto/x509
parent: 14b07a02a6b16f24e6bd6cbb11f9904e9ee50442 (diff)
1 files changed, 13 insertions, 3 deletions
diff --git a/crypto/x509/x_x509.c b/crypto/x509/x_x509.c
index 1ae37c4b..9d242348 100644
--- a/crypto/x509/x_x509.c
+++ b/crypto/x509/x_x509.c
@@ -206,10 +206,20 @@ X509 *d2i_X509_AUX(X509 **a, const unsigned char **pp, long length)
 
 int i2d_X509_AUX(X509 *a, unsigned char **pp)
 {
-    int length;
+    int length, tmplen;
+    unsigned char *start = *pp;
     length = i2d_X509(a, pp);
-    if (a)
-        length += i2d_X509_CERT_AUX(a->aux, pp);
+    if (length < 0 || a == NULL) {
+        return length;
+    }
+
+    tmplen = i2d_X509_CERT_AUX(a->aux, pp);
+    if (tmplen < 0) {
+        *pp = start;
+        return tmplen;
+    }
+    length += tmplen;
+
     return length;
 }
author	Steven Valdez <svaldez@google.com>	2016-04-26 19:57:22 +0300
committer	David Benjamin <davidben@google.com>	2016-04-26 20:12:01 +0300
commit	b32a9151da35c12136299a3bf4e21c8c77d13866 (patch)
tree	329df3e8f99da577a93df81e495e46aa649c681c /crypto/x509
parent	14b07a02a6b16f24e6bd6cbb11f9904e9ee50442 (diff)