From: Jiasheng Jiang Date: Mon, 7 Mar 2022 09:51:25 +0000 (+0800) Subject: crypto/pem/pem_lib.c: Add check for BIO_read X-Git-Tag: openssl-3.2.0-alpha1~2855 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=2823e2e1d39479a7835d176862ec15e47a1bdecd;p=thirdparty%2Fopenssl.git crypto/pem/pem_lib.c: Add check for BIO_read As the potential failure of the BIO_read(), it should be better to add the check and return error if fails. Also, in order to decrease the same code, using 'out_free' will be better. Signed-off-by: Jiasheng Jiang Reviewed-by: Paul Dale Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/17754) --- diff --git a/crypto/pem/pem_lib.c b/crypto/pem/pem_lib.c index 3d7e2f36a59..681153593bc 100644 --- a/crypto/pem/pem_lib.c +++ b/crypto/pem/pem_lib.c @@ -971,19 +971,22 @@ int PEM_read_bio_ex(BIO *bp, char **name_out, char **header, headerlen = BIO_get_mem_data(headerB, NULL); *header = pem_malloc(headerlen + 1, flags); *data = pem_malloc(len, flags); - if (*header == NULL || *data == NULL) { - pem_free(*header, flags, 0); - pem_free(*data, flags, 0); - goto end; - } - BIO_read(headerB, *header, headerlen); + if (*header == NULL || *data == NULL) + goto out_free; + if (headerlen != 0 && BIO_read(headerB, *header, headerlen) != headerlen) + goto out_free; (*header)[headerlen] = '\0'; - BIO_read(dataB, *data, len); + if (BIO_read(dataB, *data, len) != len) + goto out_free; *len_out = len; *name_out = name; name = NULL; ret = 1; + goto end; +out_free: + pem_free(*header, flags, 0); + pem_free(*data, flags, 0); end: EVP_ENCODE_CTX_free(ctx); pem_free(name, flags, 0);
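Review bot: at the new `out_free:` label, `*header` and `*data` are freed but left pointing at the released buffers, so a caller that cleans up its out-parameters after PEM_read_bio_ex fails would free them a second time. Set both to NULL after the `pem_free` calls, for example `pem_free(*header, flags, 0); *header = NULL;` and the same for `*data`. The header read is guarded with `headerlen != 0` but the data read is not: if `len` can be 0 at this point, the `!= len` comparison depends on what BIO_read returns for a zero-length read, so either guard it the same way or add a comment saying why `len` is always positive here. The lines shown on the `out_free` path also raise no error, so a short read and an allocation failure look the same to anyone inspecting the error queue; consider raising a distinct error before each `goto out_free` on the two read checks.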