We can't always read 6 bytes in an OCSP response: fix so error statuses

are read correctly for non-blocking I/O.
This commit is contained in:
Dr. Stephen Henson 2010-10-06 18:00:59 +00:00
parent 8ec3fa0597
commit 983768997e

View File

@ -397,11 +397,12 @@ int OCSP_sendreq_nbio(OCSP_RESPONSE **presp, OCSP_REQ_CTX *rctx)
case OHS_ASN1_HEADER:
/* Now reading ASN1 header: can read at least 6 bytes which
* is more than enough for any valid ASN1 SEQUENCE header
/* Now reading ASN1 header: can read at least 2 bytes which
* is enough for ASN1 SEQUENCE header and either length field
* or at least the length of the length field.
*/
n = BIO_get_mem_data(rctx->mem, &p);
if (n < 6)
if (n < 2)
goto next_io;
/* Check it is an ASN1 SEQUENCE */
@ -414,6 +415,11 @@ int OCSP_sendreq_nbio(OCSP_RESPONSE **presp, OCSP_REQ_CTX *rctx)
/* Check out length field */
if (*p & 0x80)
{
/* If MSB set on initial length octet we can now
* always read 6 octets: make sure we have them.
*/
if (n < 6)
goto next_io;
n = *p & 0x7F;
/* Not NDEF or excessive length */
if (!n || (n > 4))