From: Joshua Rogers <MegaManSec@users.noreply.github.com>
Date: Sat, 11 Oct 2025 12:42:59 +0000 (+0800)
Subject: asn1: raise NOT_ENOUGH_DATA on header EOF
X-Git-Tag: 4.0-PRE-CLANG-FORMAT-WEBKIT~174
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=9eb6922c5982baf116fe31661f921f1557640294;p=thirdparty%2Fopenssl.git

asn1: raise NOT_ENOUGH_DATA on header EOF

If BIO_read returns 0 with no buffered data, raise ASN1_R_NOT_ENOUGH_DATA
so callers see a specific error instead of a generic -1.

Signed-off-by: Joshua Rogers <MegaManSec@users.noreply.github.com>

Reviewed-by: Saša Nedvědický <sashan@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28883)
---

diff --git a/crypto/asn1/a_d2i_fp.c b/crypto/asn1/a_d2i_fp.c
index 98ce0231348..df86d8b3fe1 100644
--- a/crypto/asn1/a_d2i_fp.c
+++ b/crypto/asn1/a_d2i_fp.c
@@ -139,10 +139,12 @@ int asn1_d2i_read_bio(BIO *in, BUF_MEM **pb)
                 goto err;
             }
             i = BIO_read(in, &(b->data[len]), (int)want);
-            if (i < 0 && diff == 0) {
+
+            if (i <= 0 && diff == 0) {
                 ERR_raise(ERR_LIB_ASN1, ASN1_R_NOT_ENOUGH_DATA);
                 goto err;
             }
+
             if (i > 0) {
                 if (len + i < len) {
                     ERR_raise(ERR_LIB_ASN1, ASN1_R_TOO_LONG);