x509parse_crt() now better handles PEM error situations

Because of new pem_read_buffer() handling of when it writes use_len, x509parse_crt() is able to better handle situations where a PEM blob results in an error but the other blobs can still be parsed.
2024-10-18 18:21:07 +00:00 · 2013-06-06 15:01:18 +02:00 · 2013-06-06 15:01:18 +02:00 · 6417186365
parent 9255e8300e
commit 6417186365
2 changed files with 11 additions and 0 deletions
--- a/1
+++ b/1
@ -9,6 +9,7 @@ Bugfix
     supports secure renegotiation
   * Fixed offset for cert_type list in ssl_parse_certificate_request()
   * Fixed const correctness issues that have no impact on the ABI
+   * x509parse_crt() now better handles PEM error situations

 = Version 1.2.7 released 2013-04-13
 Features
--- a/library/x509parse.c
+++ b/library/x509parse.c
@ -1463,10 +1463,20 @@ int x509parse_crt( x509_cert *chain, const unsigned char *buf, size_t buflen )
                buflen -= use_len;
                buf += use_len;
            }
+            else if( ret == POLARSSL_ERR_PEM_BAD_INPUT_DATA )
+            {
+                return( ret );
+            }
            else if( ret != POLARSSL_ERR_PEM_NO_HEADER_FOOTER_PRESENT )
            {
                pem_free( &pem );

+                /*
+                 * PEM header and footer were found
+                 */
+                buflen -= use_len;
+                buf += use_len;
+
                if( first_error == 0 )
                    first_error = ret;