From 2de5d3b87a7980efdb1c1e8350760b60d3d53e1e Mon Sep 17 00:00:00 2001 From: "Dr. David von Oheimb" Date: Mon, 1 Mar 2021 12:43:05 +0100 Subject: [PATCH] HTTP: Fix BIO_mem_d2i() on NULL mem input This fixes also failure behavior of OSSL_HTTP_REQ_CTX_sendreq_d2i(), OCSP_sendreq_nbio(), etc. Fixes #14322 Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/14356) --- crypto/http/http_client.c | 19 ++++++++++--------- 1 file changed, 10 insertions(+), 9 deletions(-) diff --git a/crypto/http/http_client.c b/crypto/http/http_client.c index 259bad366b..2f59cb421a 100644 --- a/crypto/http/http_client.c +++ b/crypto/http/http_client.c @@ -736,9 +736,12 @@ static ASN1_VALUE *BIO_mem_d2i(BIO *mem, const ASN1_ITEM *it) { const unsigned char *p; long len = BIO_get_mem_data(mem, &p); - ASN1_VALUE *resp = ASN1_item_d2i(NULL, &p, len, it); + ASN1_VALUE *resp; - if (resp == NULL) + if (mem == NULL) + return NULL; + + if ((resp = ASN1_item_d2i(NULL, &p, len, it)) == NULL) ERR_raise(ERR_LIB_HTTP, HTTP_R_RESPONSE_PARSE_ERROR); return resp; } @@ -1056,11 +1059,10 @@ ASN1_VALUE *OSSL_HTTP_get_asn1(const char *url, ERR_raise(ERR_LIB_HTTP, ERR_R_PASSED_NULL_PARAMETER); return NULL; } - if ((mem = OSSL_HTTP_get(url, proxy, no_proxy, bio, rbio, bio_update_fn, - arg, headers, maxline, max_resp_len, timeout, - expected_ct, 1 /* expect_asn1 */)) - != NULL) - resp = BIO_mem_d2i(mem, rsp_it); + mem = OSSL_HTTP_get(url, proxy, no_proxy, bio, rbio, bio_update_fn, + arg, headers, maxline, max_resp_len, timeout, + expected_ct, 1 /* expect_asn1 */); + resp = BIO_mem_d2i(mem /* may be NULL */, rsp_it); BIO_free(mem); return resp; } @@ -1096,8 +1098,7 @@ ASN1_VALUE *OSSL_HTTP_post_asn1(const char *server, const char *port, max_resp_len, timeout, expected_ct, 1 /* expect_asn1 */, NULL); BIO_free(req_mem); - if (res_mem != NULL) - resp = BIO_mem_d2i(res_mem, rsp_it); + resp = BIO_mem_d2i(res_mem /* may be NULL */, rsp_it); BIO_free(res_mem); return resp; } -- 2.39.2