base/SOURCES/openssl-1.0.1e-cve-2016-210...

diff -up openssl-1.0.1e/crypto/asn1/a_d2i_fp.c.asn1-bio-dos openssl-1.0.1e/crypto/asn1/a_d2i_fp.c
--- openssl-1.0.1e/crypto/asn1/a_d2i_fp.c.asn1-bio-dos	2013-02-11 16:02:47.000000000 +0100
+++ openssl-1.0.1e/crypto/asn1/a_d2i_fp.c	2016-04-29 13:44:52.205538739 +0200
@@ -139,6 +139,7 @@ void *ASN1_item_d2i_fp(const ASN1_ITEM *
 #endif
 
 #define HEADER_SIZE   8
+#define ASN1_CHUNK_INITIAL_SIZE (16 * 1024)
 static int asn1_d2i_read_bio(BIO *in, BUF_MEM **pb)
 	{
 	BUF_MEM *b;
@@ -230,6 +231,8 @@ static int asn1_d2i_read_bio(BIO *in, BU
 			want=c.slen;
 			if (want > (len-off))
 				{
+				size_t chunk_max = ASN1_CHUNK_INITIAL_SIZE;
+
 				want-=(len-off);
 				if (want > INT_MAX /* BIO_read takes an int length */ ||
 					len+want < len)
@@ -237,24 +240,38 @@ static int asn1_d2i_read_bio(BIO *in, BU
 						ASN1err(ASN1_F_ASN1_D2I_READ_BIO,ASN1_R_TOO_LONG);
 						goto err;
 						}
-				if (!BUF_MEM_grow_clean(b,len+want))
-					{
-					ASN1err(ASN1_F_ASN1_D2I_READ_BIO,ERR_R_MALLOC_FAILURE);
-					goto err;
-					}
 				while (want > 0)
 					{
-					i=BIO_read(in,&(b->data[len]),want);
-					if (i <= 0)
+					/*
+					 * Read content in chunks of increasing size
+					 * so we can return an error for EOF without
+					 * having to allocate the entire content length
+					 * in one go.
+					 */
+					size_t chunk = want > chunk_max ? chunk_max : want;
+
+					if (!BUF_MEM_grow_clean(b, len + chunk))
 						{
-						ASN1err(ASN1_F_ASN1_D2I_READ_BIO,
-						    ASN1_R_NOT_ENOUGH_DATA);
+						ASN1err(ASN1_F_ASN1_D2I_READ_BIO, ERR_R_MALLOC_FAILURE);
 						goto err;
 						}
-					/* This can't overflow because
-					 * |len+want| didn't overflow. */
-					len+=i;
-					want-=i;
+					want -= chunk;
+					while (chunk > 0)
+						{
+						i = BIO_read(in, &(b->data[len]), chunk);
+						if (i <= 0)
+							{
+							ASN1err(ASN1_F_ASN1_D2I_READ_BIO,
+								ASN1_R_NOT_ENOUGH_DATA);
+							goto err;
+							}
+						/* This can't overflow because
+						 * |len+want| didn't overflow. */
+						len += i;
+						chunk -= i;
+						}
+					if (chunk_max < INT_MAX/2)
+						chunk_max *= 2;
 					}
 				}
 			if (off + c.slen < off)
openssl package update Signed-off-by: basebuilder_pel7ppc64bebuilder0 <basebuilder@powerel.org> 7 years ago			`diff -up openssl-1.0.1e/crypto/asn1/a_d2i_fp.c.asn1-bio-dos openssl-1.0.1e/crypto/asn1/a_d2i_fp.c`
			`--- openssl-1.0.1e/crypto/asn1/a_d2i_fp.c.asn1-bio-dos 2013-02-11 16:02:47.000000000 +0100`
			`+++ openssl-1.0.1e/crypto/asn1/a_d2i_fp.c 2016-04-29 13:44:52.205538739 +0200`
			`@@ -139,6 +139,7 @@ void ASN1_item_d2i_fp(const ASN1_ITEM `
			`#endif`

			`#define HEADER_SIZE 8`
			`+#define ASN1_CHUNK_INITIAL_SIZE (16 * 1024)`
			`static int asn1_d2i_read_bio(BIO in, BUF_MEM *pb)`
			`{`
			`BUF_MEM *b;`
			`@@ -230,6 +231,8 @@ static int asn1_d2i_read_bio(BIO *in, BU`
			`want=c.slen;`
			`if (want > (len-off))`
			`{`
			`+ size_t chunk_max = ASN1_CHUNK_INITIAL_SIZE;`
			`+`
			`want-=(len-off);`
			`if (want > INT_MAX /* BIO_read takes an int length */ \|\|`
			`len+want < len)`
			`@@ -237,24 +240,38 @@ static int asn1_d2i_read_bio(BIO *in, BU`
			`ASN1err(ASN1_F_ASN1_D2I_READ_BIO,ASN1_R_TOO_LONG);`
			`goto err;`
			`}`
			`- if (!BUF_MEM_grow_clean(b,len+want))`
			`- {`
			`- ASN1err(ASN1_F_ASN1_D2I_READ_BIO,ERR_R_MALLOC_FAILURE);`
			`- goto err;`
			`- }`
			`while (want > 0)`
			`{`
			`- i=BIO_read(in,&(b->data[len]),want);`
			`- if (i <= 0)`
			`+ /*`
			`+ * Read content in chunks of increasing size`
			`+ * so we can return an error for EOF without`
			`+ * having to allocate the entire content length`
			`+ * in one go.`
			`+ */`
			`+ size_t chunk = want > chunk_max ? chunk_max : want;`
			`+`
			`+ if (!BUF_MEM_grow_clean(b, len + chunk))`
			`{`
			`- ASN1err(ASN1_F_ASN1_D2I_READ_BIO,`
			`- ASN1_R_NOT_ENOUGH_DATA);`
			`+ ASN1err(ASN1_F_ASN1_D2I_READ_BIO, ERR_R_MALLOC_FAILURE);`
			`goto err;`
			`}`
			`- /* This can't overflow because`
			`- * \|len+want\| didn't overflow. */`
			`- len+=i;`
			`- want-=i;`
			`+ want -= chunk;`
			`+ while (chunk > 0)`
			`+ {`
			`+ i = BIO_read(in, &(b->data[len]), chunk);`
			`+ if (i <= 0)`
			`+ {`
			`+ ASN1err(ASN1_F_ASN1_D2I_READ_BIO,`
			`+ ASN1_R_NOT_ENOUGH_DATA);`
			`+ goto err;`
			`+ }`
			`+ /* This can't overflow because`
			`+ * \|len+want\| didn't overflow. */`
			`+ len += i;`
			`+ chunk -= i;`
			`+ }`
			`+ if (chunk_max < INT_MAX/2)`
			`+ chunk_max *= 2;`
			`}`
			`}`
			`if (off + c.slen < off)`