Reject empty generation strings.

Reported by Hanno Böck <hanno@hboeck.de> Reviewed-by: Rich Salz <rsalz@openssl.org>
author: Dr. Stephen Henson <steve@openssl.org> 2015-04-16 01:21:05 +0200
committer: Dr. Stephen Henson <steve@openssl.org> 2015-04-16 17:04:23 +0200
commit: 111b60bea01d234b5873488c19ff2b9c5d4d58e9 (patch)
tree: 843d26bc2990cb43cca53049f49cfa698adbb187 /crypto
parent: Limit depth of nested sequences when generating ASN.1 (diff)
download: openssl-111b60bea01d234b5873488c19ff2b9c5d4d58e9.tar.xz
openssl-111b60bea01d234b5873488c19ff2b9c5d4d58e9.zip
1 files changed, 4 insertions, 2 deletions
diff --git a/crypto/asn1/asn1_gen.c b/crypto/asn1/asn1_gen.c
index 36fc218d3c..cee37495e2 100644
--- a/crypto/asn1/asn1_gen.c
+++ b/crypto/asn1/asn1_gen.c
@@ -167,8 +167,10 @@ static ASN1_TYPE *generate_v3(char *str, X509V3_CTX *cnf, int depth,
     asn1_tags.imp_class = -1;
     asn1_tags.format = ASN1_GEN_FORMAT_ASCII;
     asn1_tags.exp_count = 0;
-    if (CONF_parse_list(str, ',', 1, asn1_cb, &asn1_tags) != 0)
+    if (CONF_parse_list(str, ',', 1, asn1_cb, &asn1_tags) != 0) {
+        *perr = ASN1_R_UNKNOWN_TAG;
         return NULL;
+    }
 
     if ((asn1_tags.utype == V_ASN1_SEQUENCE)
         || (asn1_tags.utype == V_ASN1_SET)) {
@@ -298,7 +300,7 @@ static int asn1_cb(const char *elem, int len, void *bitstr)
     int tmp_tag, tmp_class;
 
     if (elem == NULL)
-        return 0;
+        return -1;
 
     for (i = 0, p = elem; i < len; p++, i++) {
         /* Look for the ':' in name value pairs */
author	Dr. Stephen Henson <steve@openssl.org>	2015-04-16 01:21:05 +0200
committer	Dr. Stephen Henson <steve@openssl.org>	2015-04-16 17:04:23 +0200
commit	111b60bea01d234b5873488c19ff2b9c5d4d58e9 (patch)
tree	843d26bc2990cb43cca53049f49cfa698adbb187 /crypto
parent	Limit depth of nested sequences when generating ASN.1 (diff)
download	openssl-111b60bea01d234b5873488c19ff2b9c5d4d58e9.tar.xz openssl-111b60bea01d234b5873488c19ff2b9c5d4d58e9.zip