X-Git-Url: https://git.openssl.org/gitweb/?p=openssl.git;a=blobdiff_plain;f=crypto%2Fasn1%2Ftasn_dec.c;h=7237f7e93cec76e7fed8ec4b946bfa80aa21383f;hp=22e5b4ab525ae15e2c5fad8312fb0de50ed200c6;hb=83d968df60de6d33de4f0740c6d5051457a17cf0;hpb=a8312c0e24a73e70b25d9811de2106f50b32081b

diff --git a/crypto/asn1/tasn_dec.c b/crypto/asn1/tasn_dec.c
index 22e5b4ab52..7237f7e93c 100644
--- a/crypto/asn1/tasn_dec.c
+++ b/crypto/asn1/tasn_dec.c
@@ -58,6 +58,7 @@
 
 
 #include <stddef.h>
+#include <string.h>
 #include <openssl/asn1.h>
 #include <openssl/asn1t.h>
 #include <openssl/objects.h>
@@ -131,8 +132,18 @@ int ASN1_item_ex_d2i(ASN1_VALUE **pval, unsigned char **in, long len, const ASN1
 	switch(it->itype) {
 
 		case ASN1_ITYPE_PRIMITIVE:
-		if(it->templates)
+		if(it->templates) {
+			/* tagging or OPTIONAL is currently illegal on an item template
+			 * because the flags can't get passed down. In practice this isn't
+			 * a problem: we include the relevant flags from the item template
+			 * in the template itself.
+			 */
+			if ((tag != -1) || opt) {
+				ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ASN1_R_ILLEGAL_OPTIONS_ON_ITEM_TEMPLATE);
+				goto err;
+			}
 			return asn1_template_ex_d2i(pval, in, len, it->templates, opt, ctx);
+		}
 		return asn1_d2i_ex_primitive(pval, in, len, it, tag, aclass, opt, ctx);
 		break;
 
@@ -216,14 +227,23 @@ int ASN1_item_ex_d2i(ASN1_VALUE **pval, unsigned char **in, long len, const ASN1
 		case ASN1_ITYPE_CHOICE:
 		if(asn1_cb && !asn1_cb(ASN1_OP_D2I_PRE, pval, it))
 				goto auxerr;
+
+		/* Allocate structure */
+		if(!*pval) {
+			if(!ASN1_item_ex_new(pval, it)) {
+				ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ERR_R_NESTED_ASN1_ERROR);
+				goto err;
+			}
+		}
 		/* CHOICE type, try each possibility in turn */
 		pchval = NULL;
 		p = *in;
 		for(i = 0, tt=it->templates; i < it->tcount; i++, tt++) {
+			pchptr = asn1_get_field_ptr(pval, tt);
 			/* We mark field as OPTIONAL so its absence
 			 * can be recognised.
 			 */
-			ret = asn1_template_ex_d2i(&pchval, &p, len, tt, 1, ctx);
+			ret = asn1_template_ex_d2i(pchptr, &p, len, tt, 1, ctx);
 			/* If field not present, try the next one */
 			if(ret == -1) continue;
 			/* If positive return, read OK, break loop */
@@ -231,25 +251,19 @@ int ASN1_item_ex_d2i(ASN1_VALUE **pval, unsigned char **in, long len, const ASN1
 			/* Otherwise must be an ASN1 parsing error */
 			errtt = tt;
 			ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ERR_R_NESTED_ASN1_ERROR);
-			return 0;
+			goto err;
 		}
 		/* Did we fall off the end without reading anything? */
 		if(i == it->tcount) {
 			/* If OPTIONAL, this is OK */
-			if(opt) return -1;
-			ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ASN1_R_NO_MATCHING_CHOICE_TYPE);
-			return 0;
-		}
-		/* Otherwise we got a match, allocate structure and populate it */
-		if(!*pval) {
-			if(!ASN1_item_ex_new(pval, it)) {
-				errtt = tt;
-				ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ERR_R_NESTED_ASN1_ERROR);
-				return 0;
+			if(opt) {
+				/* Free and zero it */
+				ASN1_item_ex_free(pval, it);
+				return -1;
 			}
+			ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ASN1_R_NO_MATCHING_CHOICE_TYPE);
+			goto err;
 		}
-		pchptr = asn1_get_field_ptr(pval, tt);
-		*pchptr = pchval;
 		asn1_set_choice_selector(pval, i, it);
 		*in = p;
 		if(asn1_cb && !asn1_cb(ASN1_OP_D2I_POST, pval, it))
@@ -482,7 +496,7 @@ static int asn1_template_noexp_d2i(ASN1_VALUE **val, unsigned char **in, long le
 			ASN1_VALUE *vtmp;
 			while(sk_num(sktmp) > 0) {
 				vtmp = (ASN1_VALUE *)sk_pop(sktmp);
-				ASN1_item_ex_free(&vtmp, tt->item);
+				ASN1_item_ex_free(&vtmp, ASN1_ITEM_ptr(tt->item));
 			}
 		}
 				
@@ -505,7 +519,7 @@ static int asn1_template_noexp_d2i(ASN1_VALUE **val, unsigned char **in, long le
 				break;
 			}
 			skfield = NULL;
-			if(!ASN1_item_ex_d2i(&skfield, &p, len, tt->item, -1, 0, 0, ctx)) {
+			if(!ASN1_item_ex_d2i(&skfield, &p, len, ASN1_ITEM_ptr(tt->item), -1, 0, 0, ctx)) {
 				ASN1err(ASN1_F_ASN1_TEMPLATE_D2I, ERR_R_NESTED_ASN1_ERROR);
 				goto err;
 			}
@@ -521,14 +535,14 @@ static int asn1_template_noexp_d2i(ASN1_VALUE **val, unsigned char **in, long le
 		}
 	} else if(flags & ASN1_TFLG_IMPTAG) {
 		/* IMPLICIT tagging */
-		ret = ASN1_item_ex_d2i(val, &p, len, tt->item, tt->tag, aclass, opt, ctx);
+		ret = ASN1_item_ex_d2i(val, &p, len, ASN1_ITEM_ptr(tt->item), tt->tag, aclass, opt, ctx);
 		if(!ret) {
 			ASN1err(ASN1_F_ASN1_TEMPLATE_D2I, ERR_R_NESTED_ASN1_ERROR);
 			goto err;
 		} else if(ret == -1) return -1;
 	} else {
 		/* Nothing special */
-		ret = ASN1_item_ex_d2i(val, &p, len, tt->item, -1, 0, opt, ctx);
+		ret = ASN1_item_ex_d2i(val, &p, len, ASN1_ITEM_ptr(tt->item), -1, 0, opt, ctx);
 		if(!ret) {
 			ASN1err(ASN1_F_ASN1_TEMPLATE_D2I, ERR_R_NESTED_ASN1_ERROR);
 			goto err;