From 728bcd59d3d41e152aead0d15acc51a8958536d3 Mon Sep 17 00:00:00 2001
From: Kurt Roeckx <kurt@roeckx.be>
Date: Tue, 15 Sep 2015 00:07:02 +0200
Subject: [PATCH] d2i: don't update input pointer on failure

Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
MR #1005
(cherry picked from commit a46c9789ce2aecedceef119e9883513c7a49f1ca)
---
 crypto/asn1/d2i_pr.c    | 11 ++++++++---
 crypto/asn1/tasn_dec.c  |  4 ++--
 crypto/asn1/x_pubkey.c  |  5 ++++-
 crypto/asn1/x_x509.c    |  7 ++++---
 crypto/ec/ec_asn1.c     |  8 ++++++--
 crypto/x509v3/v3_scts.c |  4 +++-
 6 files changed, 27 insertions(+), 12 deletions(-)

diff --git a/crypto/asn1/d2i_pr.c b/crypto/asn1/d2i_pr.c
index c96da091d3..314f4e38ba 100644
--- a/crypto/asn1/d2i_pr.c
+++ b/crypto/asn1/d2i_pr.c
@@ -72,6 +72,7 @@ EVP_PKEY *d2i_PrivateKey(int type, EVP_PKEY **a, const unsigned char **pp,
                          long length)
 {
     EVP_PKEY *ret;
+    const unsigned char *p = *pp;
 
     if ((a == NULL) || (*a == NULL)) {
         if ((ret = EVP_PKEY_new()) == NULL) {
@@ -94,10 +95,10 @@ EVP_PKEY *d2i_PrivateKey(int type, EVP_PKEY **a, const unsigned char **pp,
     }
 
     if (!ret->ameth->old_priv_decode ||
-        !ret->ameth->old_priv_decode(ret, pp, length)) {
+        !ret->ameth->old_priv_decode(ret, &p, length)) {
         if (ret->ameth->priv_decode) {
             PKCS8_PRIV_KEY_INFO *p8 = NULL;
-            p8 = d2i_PKCS8_PRIV_KEY_INFO(NULL, pp, length);
+            p8 = d2i_PKCS8_PRIV_KEY_INFO(NULL, &p, length);
             if (!p8)
                 goto err;
             EVP_PKEY_free(ret);
@@ -109,6 +110,7 @@ EVP_PKEY *d2i_PrivateKey(int type, EVP_PKEY **a, const unsigned char **pp,
             goto err;
         }
     }
+    *pp = p;
     if (a != NULL)
         (*a) = ret;
     return (ret);
@@ -136,6 +138,7 @@ EVP_PKEY *d2i_AutoPrivateKey(EVP_PKEY **a, const unsigned char **pp,
      * input is surrounded by an ASN1 SEQUENCE.
      */
     inkey = d2i_ASN1_SEQUENCE_ANY(NULL, &p, length);
+    p = *pp;
     /*
      * Since we only need to discern "traditional format" RSA and DSA keys we
      * can just count the elements.
@@ -146,7 +149,7 @@ EVP_PKEY *d2i_AutoPrivateKey(EVP_PKEY **a, const unsigned char **pp,
         keytype = EVP_PKEY_EC;
     else if (sk_ASN1_TYPE_num(inkey) == 3) { /* This seems to be PKCS8, not
                                               * traditional format */
-        PKCS8_PRIV_KEY_INFO *p8 = d2i_PKCS8_PRIV_KEY_INFO(NULL, pp, length);
+        PKCS8_PRIV_KEY_INFO *p8 = d2i_PKCS8_PRIV_KEY_INFO(NULL, &p, length);
         EVP_PKEY *ret;
 
         sk_ASN1_TYPE_pop_free(inkey, ASN1_TYPE_free);
@@ -157,6 +160,8 @@ EVP_PKEY *d2i_AutoPrivateKey(EVP_PKEY **a, const unsigned char **pp,
         }
         ret = EVP_PKCS82PKEY(p8);
         PKCS8_PRIV_KEY_INFO_free(p8);
+        if (ret != NULL)
+            *pp = p;
         if (a) {
             *a = ret;
         }
diff --git a/crypto/asn1/tasn_dec.c b/crypto/asn1/tasn_dec.c
index 7fd336a402..febf6059cb 100644
--- a/crypto/asn1/tasn_dec.c
+++ b/crypto/asn1/tasn_dec.c
@@ -350,9 +350,9 @@ int ASN1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len,
         }
 
         asn1_set_choice_selector(pval, i, it);
-        *in = p;
         if (asn1_cb && !asn1_cb(ASN1_OP_D2I_POST, pval, it, NULL))
             goto auxerr;
+        *in = p;
         return 1;
 
     case ASN1_ITYPE_NDEF_SEQUENCE:
@@ -489,9 +489,9 @@ int ASN1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len,
         /* Save encoding */
         if (!asn1_enc_save(pval, *in, p - *in, it))
             goto auxerr;
-        *in = p;
         if (asn1_cb && !asn1_cb(ASN1_OP_D2I_POST, pval, it, NULL))
             goto auxerr;
+        *in = p;
         return 1;
 
     default:
diff --git a/crypto/asn1/x_pubkey.c b/crypto/asn1/x_pubkey.c
index 4b682018c2..6c57a7971c 100644
--- a/crypto/asn1/x_pubkey.c
+++ b/crypto/asn1/x_pubkey.c
@@ -188,13 +188,16 @@ EVP_PKEY *d2i_PUBKEY(EVP_PKEY **a, const unsigned char **pp, long length)
 {
     X509_PUBKEY *xpk;
     EVP_PKEY *pktmp;
-    xpk = d2i_X509_PUBKEY(NULL, pp, length);
+    const unsigned char *q;
+    q = *pp;
+    xpk = d2i_X509_PUBKEY(NULL, &q, length);
     if (!xpk)
         return NULL;
     pktmp = X509_PUBKEY_get(xpk);
     X509_PUBKEY_free(xpk);
     if (!pktmp)
         return NULL;
+    *pp = q;
     if (a) {
         EVP_PKEY_free(*a);
         *a = pktmp;
diff --git a/crypto/asn1/x_x509.c b/crypto/asn1/x_x509.c
index 5f266a26b4..63c15e8830 100644
--- a/crypto/asn1/x_x509.c
+++ b/crypto/asn1/x_x509.c
@@ -180,16 +180,17 @@ X509 *d2i_X509_AUX(X509 **a, const unsigned char **pp, long length)
     if (!a || *a == NULL) {
         freeret = 1;
     }
-    ret = d2i_X509(a, pp, length);
+    ret = d2i_X509(a, &q, length);
     /* If certificate unreadable then forget it */
     if (!ret)
         return NULL;
     /* update length */
-    length -= *pp - q;
+    length -= q - *pp;
     if (!length)
         return ret;
-    if (!d2i_X509_CERT_AUX(&ret->aux, pp, length))
+    if (!d2i_X509_CERT_AUX(&ret->aux, &q, length))
         goto err;
+    *pp = q;
     return ret;
  err:
     if (freeret) {
diff --git a/crypto/ec/ec_asn1.c b/crypto/ec/ec_asn1.c
index 4ad8494981..33abf61f44 100644
--- a/crypto/ec/ec_asn1.c
+++ b/crypto/ec/ec_asn1.c
@@ -970,8 +970,9 @@ EC_GROUP *d2i_ECPKParameters(EC_GROUP **a, const unsigned char **in, long len)
 {
     EC_GROUP *group = NULL;
     ECPKPARAMETERS *params = NULL;
+    const unsigned char *p = *in;
 
-    if ((params = d2i_ECPKPARAMETERS(NULL, in, len)) == NULL) {
+    if ((params = d2i_ECPKPARAMETERS(NULL, &p, len)) == NULL) {
         ECerr(EC_F_D2I_ECPKPARAMETERS, EC_R_D2I_ECPKPARAMETERS_FAILURE);
         ECPKPARAMETERS_free(params);
         return NULL;
@@ -989,6 +990,7 @@ EC_GROUP *d2i_ECPKParameters(EC_GROUP **a, const unsigned char **in, long len)
         *a = group;
 
     ECPKPARAMETERS_free(params);
+    *in = p;
     return (group);
 }
 
@@ -1016,8 +1018,9 @@ EC_KEY *d2i_ECPrivateKey(EC_KEY **a, const unsigned char **in, long len)
     int ok = 0;
     EC_KEY *ret = NULL;
     EC_PRIVATEKEY *priv_key = NULL;
+    const unsigned char *p = *in;
 
-    if ((priv_key = d2i_EC_PRIVATEKEY(NULL, in, len)) == NULL) {
+    if ((priv_key = d2i_EC_PRIVATEKEY(NULL, &p, len)) == NULL) {
         ECerr(EC_F_D2I_ECPRIVATEKEY, ERR_R_EC_LIB);
         return NULL;
     }
@@ -1096,6 +1099,7 @@ EC_KEY *d2i_ECPrivateKey(EC_KEY **a, const unsigned char **in, long len)
 
     if (a)
         *a = ret;
+    *in = p;
     ok = 1;
  err:
     if (!ok) {
diff --git a/crypto/x509v3/v3_scts.c b/crypto/x509v3/v3_scts.c
index 6e0b8d6844..0b7c68180e 100644
--- a/crypto/x509v3/v3_scts.c
+++ b/crypto/x509v3/v3_scts.c
@@ -190,8 +190,9 @@ static STACK_OF(SCT) *d2i_SCT_LIST(STACK_OF(SCT) **a,
     SCT *sct;
     unsigned char *p, *p2;
     unsigned short listlen, sctlen = 0, fieldlen;
+    const unsigned char *q = *pp;
 
-    if (d2i_ASN1_OCTET_STRING(&oct, pp, length) == NULL)
+    if (d2i_ASN1_OCTET_STRING(&oct, &q, length) == NULL)
         return NULL;
     if (oct->length < 2)
         goto done;
@@ -279,6 +280,7 @@ static STACK_OF(SCT) *d2i_SCT_LIST(STACK_OF(SCT) **a,
 
  done:
     ASN1_OCTET_STRING_free(oct);
+    *pp = q;
     return sk;
 
  err:
-- 
2.34.1