From ac6a84bc7ac7fe15002c9466aedb5f311a62b88e Mon Sep 17 00:00:00 2001 From: David Benjamin Date: Tue, 26 Jul 2016 12:28:43 -0400 Subject: Always check that the value returned by asn1_do_adb() is non-NULL. (Imported from upstream's a9b23465243b6d692bb0b419bdbe0b1f5a849e9c, 5e102f96eb6fcdba1db2dba41132f92fa492aea0, and 9bda72880113b2b2262d290b23bdd1d3b19ff5b3.) Change-Id: Ib608acb86cc128cacf20811c21bf6b38b0520106 Reviewed-on: https://boringssl-review.googlesource.com/8944 Reviewed-by: Adam Langley Commit-Queue: David Benjamin CQ-Verified: CQ bot account: commit-bot@chromium.org --- crypto/asn1/tasn_dec.c | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) (limited to 'crypto') diff --git a/crypto/asn1/tasn_dec.c b/crypto/asn1/tasn_dec.c index 616b587c..dfbd222a 100644 --- a/crypto/asn1/tasn_dec.c +++ b/crypto/asn1/tasn_dec.c @@ -399,7 +399,9 @@ int ASN1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len, if (tt->flags & ASN1_TFLG_ADB_MASK) { const ASN1_TEMPLATE *seqtt; ASN1_VALUE **pseqval; - seqtt = asn1_do_adb(pval, tt, 1); + seqtt = asn1_do_adb(pval, tt, 0); + if (seqtt == NULL) + continue; pseqval = asn1_get_field_ptr(pval, seqtt); ASN1_template_free(pseqval, seqtt); } @@ -410,7 +412,7 @@ int ASN1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len, const ASN1_TEMPLATE *seqtt; ASN1_VALUE **pseqval; seqtt = asn1_do_adb(pval, tt, 1); - if (!seqtt) + if (seqtt == NULL) goto err; pseqval = asn1_get_field_ptr(pval, seqtt); /* Have we ran out of data? */ @@ -475,7 +477,7 @@ int ASN1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len, for (; i < it->tcount; tt++, i++) { const ASN1_TEMPLATE *seqtt; seqtt = asn1_do_adb(pval, tt, 1); - if (!seqtt) + if (seqtt == NULL) goto err; if (seqtt->flags & ASN1_TFLG_OPTIONAL) { ASN1_VALUE **pseqval; -- cgit v1.2.3