Fix x509_name_ex_i2d error-handling. This function forgot to handle errors in ASN1_item_ex_i2d. It also checked x509_name_canon for ret < 0, when x509_name_canon returns a boolean. For consistency, I've switched to x509_name_encode to return a boolean as well. It doesn't actually need to return a length because it's responsible for filling in a->bytes. (This is also far from thread-safe, but I'll figure out what to do there separately.) Bug: 429 Change-Id: I1dddeab320018be4b837f95001cbeeba4e25f0a1 Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/49346 Commit-Queue: David Benjamin <davidben@google.com> Reviewed-by: Adam Langley <agl@google.com>
diff --git a/crypto/x509/x_name.c b/crypto/x509/x_name.c index e4b5835..348d31b 100644 --- a/crypto/x509/x_name.c +++ b/crypto/x509/x_name.c
@@ -261,17 +261,13 @@ static int x509_name_ex_i2d(ASN1_VALUE **val, unsigned char **out, const ASN1_ITEM *it, int tag, int aclass) { - int ret; X509_NAME *a = (X509_NAME *)*val; - if (a->modified) { - ret = x509_name_encode(a); - if (ret < 0) - return ret; - ret = x509_name_canon(a); - if (ret < 0) - return ret; + if (a->modified && + (!x509_name_encode(a) || + !x509_name_canon(a))) { + return -1; } - ret = a->bytes->length; + int ret = a->bytes->length; if (out != NULL) { OPENSSL_memcpy(*out, a->bytes->data, ret); *out += ret; @@ -309,20 +305,26 @@ ASN1_VALUE *intname_val = (ASN1_VALUE *)intname; len = ASN1_item_ex_i2d(&intname_val, NULL, ASN1_ITEM_rptr(X509_NAME_INTERNAL), -1, -1); + if (len <= 0) { + goto err; + } if (!BUF_MEM_grow(a->bytes, len)) goto memerr; p = (unsigned char *)a->bytes->data; - ASN1_item_ex_i2d(&intname_val, - &p, ASN1_ITEM_rptr(X509_NAME_INTERNAL), -1, -1); + if (ASN1_item_ex_i2d(&intname_val, + &p, ASN1_ITEM_rptr(X509_NAME_INTERNAL), -1, -1) <= 0) { + goto err; + } sk_STACK_OF_X509_NAME_ENTRY_pop_free(intname, local_sk_X509_NAME_ENTRY_free); a->modified = 0; - return len; + return 1; memerr: + OPENSSL_PUT_ERROR(X509, ERR_R_MALLOC_FAILURE); +err: sk_STACK_OF_X509_NAME_ENTRY_pop_free(intname, local_sk_X509_NAME_ENTRY_free); - OPENSSL_PUT_ERROR(X509, ERR_R_MALLOC_FAILURE); - return -1; + return 0; } /*