Return error when a bit string indicates an invalid amount of bits left

[openssl.git] / crypto / asn1 / f_int.c

diff --git a/crypto/asn1/f_int.c b/crypto/asn1/f_int.c
index d81c50dd039dfa166d877e9e4cd598895658e622..9494e597abc36d6b8c0fd65bd277fb762604a635 100644 (file)
--- a/crypto/asn1/f_int.c
+++ b/crypto/asn1/f_int.c
@@ -59,7 +59,7 @@
 #include <stdio.h>
 #include "cryptlib.h"
 #include <openssl/buffer.h>
-#include <openssl/x509.h>
+#include <openssl/asn1.h>
 
 int i2a_ASN1_INTEGER(BIO *bp, ASN1_INTEGER *a)
        {
@@ -69,10 +69,16 @@ int i2a_ASN1_INTEGER(BIO *bp, ASN1_INTEGER *a)
 
        if (a == NULL) return(0);
 
+       if (a->type & V_ASN1_NEG)
+               {
+               if (BIO_write(bp, "-", 1) != 1) goto err;
+               n = 1;
+               }
+
        if (a->length == 0)
                {
                if (BIO_write(bp,"00",2) != 2) goto err;
-               n=2;
+               n += 2;
                }
        else
                {
@@ -160,15 +166,14 @@ int a2i_ASN1_INTEGER(BIO *bp, ASN1_INTEGER *bs, char *buf, int size)
                if (num+i > slen)
                        {
                        if (s == NULL)
-                               sp=(unsigned char *)Malloc(
+                               sp=(unsigned char *)OPENSSL_malloc(
                                        (unsigned int)num+i*2);
                        else
-                               sp=(unsigned char *)Realloc(s,
-                                       (unsigned int)num+i*2);
+                               sp=OPENSSL_realloc_clean(s,slen,num+i*2);
                        if (sp == NULL)
                                {
                                ASN1err(ASN1_F_A2I_ASN1_INTEGER,ERR_R_MALLOC_FAILURE);
-                               if (s != NULL) Free((char *)s);
+                               if (s != NULL) OPENSSL_free(s);
                                goto err;
                                }
                        s=sp;