git.openssl.org Git - openssl.git/commit

author	Maximilian Blenk <Maximilian.Blenk@bmw.de>
	Tue, 7 Apr 2020 17:33:39 +0000 (19:33 +0200)
committer	Benjamin Kaduk <kaduk@mit.edu>
	Fri, 8 May 2020 20:27:47 +0000 (13:27 -0700)
commit	0324ffc5d5d393111288eca2c9d67f2141ed65f5
tree	c8aa4d097d3abed98a9c21faf809f77debff58f8	tree \| snapshot
parent	257e9d03b028402089c9f98f3acb25ba668c09af	commit \| diff

Fix PEM certificate loading that sometimes fails

As described in https://github.com/openssl/openssl/issues/9187, the
loading of PEM certificates sometimes fails if a line of base64
content has the length of a multiple of 254.
The problem is in get_header_and_data(). When such a line with a
length of 254 (or a multiple) has been read, the next read will
only read a newline. Due to this get_header_and_data() expects to be
in the header not in the data area. This commit fixes that by checking
if lines have been read completely or only partially. In case of a
previous partial read, a newline will be ignored.

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/11741)

crypto/pem/pem_lib.c		diff \| blob \| history
test/recipes/04-test_pem.t		diff \| blob \| history
test/recipes/04-test_pem_data/cert-254-chars-at-the-end.pem	[new file with mode: 0644]	blob
test/recipes/04-test_pem_data/cert-254-chars-in-the-middle.pem	[new file with mode: 0644]	blob
test/recipes/04-test_pem_data/cert-oneline-multiple-of-254.pem	[new file with mode: 0644]	blob