mirror of
https://github.com/openssl/openssl.git
synced 2024-11-25 19:13:48 +08:00
We can't always read 6 bytes in an OCSP response: fix so error statuses
are read correctly for non-blocking I/O.
This commit is contained in:
parent
8ec3fa0597
commit
983768997e
@ -397,11 +397,12 @@ int OCSP_sendreq_nbio(OCSP_RESPONSE **presp, OCSP_REQ_CTX *rctx)
|
||||
|
||||
|
||||
case OHS_ASN1_HEADER:
|
||||
/* Now reading ASN1 header: can read at least 6 bytes which
|
||||
* is more than enough for any valid ASN1 SEQUENCE header
|
||||
/* Now reading ASN1 header: can read at least 2 bytes which
|
||||
* is enough for ASN1 SEQUENCE header and either length field
|
||||
* or at least the length of the length field.
|
||||
*/
|
||||
n = BIO_get_mem_data(rctx->mem, &p);
|
||||
if (n < 6)
|
||||
if (n < 2)
|
||||
goto next_io;
|
||||
|
||||
/* Check it is an ASN1 SEQUENCE */
|
||||
@ -414,6 +415,11 @@ int OCSP_sendreq_nbio(OCSP_RESPONSE **presp, OCSP_REQ_CTX *rctx)
|
||||
/* Check out length field */
|
||||
if (*p & 0x80)
|
||||
{
|
||||
/* If MSB set on initial length octet we can now
|
||||
* always read 6 octets: make sure we have them.
|
||||
*/
|
||||
if (n < 6)
|
||||
goto next_io;
|
||||
n = *p & 0x7F;
|
||||
/* Not NDEF or excessive length */
|
||||
if (!n || (n > 4))
|
||||
|
Loading…
Reference in New Issue
Block a user