x509parse_crt() now better handles PEM error situations

Because of new pem_read_buffer() handling of when it writes use_len, x509parse_crt() is able to better handle situations where a PEM blob results in an error but the other blobs can still be parsed. (cherry picked from commit 6417186365) Conflicts: ChangeLog
2025-07-07 10:10:33 +00:00 · 2013-06-19 12:07:42 +02:00 · 2013-06-19 12:07:42 +02:00 · 721f06d49d
parent 03a85bca4c
commit 721f06d49d
2 changed files with 13 additions and 0 deletions
--- a/3
+++ b/3
@ -4,6 +4,9 @@ PolarSSL ChangeLog
 Changes
   * HAVEGE random generator disabled by default

+Bugfix
+   * x509parse_crt() now better handles PEM error situations
+
 = Version 1.1.6 released on 2013-03-11
 Bugfix
   * Fixed net_bind() for specified IP addresses on little endian systems
--- a/library/x509parse.c
+++ b/library/x509parse.c
@ -1349,10 +1349,20 @@ int x509parse_crt( x509_cert *chain, const unsigned char *buf, size_t buflen )
                buflen -= use_len;
                buf += use_len;
            }
+            else if( ret == POLARSSL_ERR_PEM_BAD_INPUT_DATA )
+            {
+                return( ret );
+            }
            else if( ret != POLARSSL_ERR_PEM_NO_HEADER_FOOTER_PRESENT )
            {
                pem_free( &pem );

+                /*
+                 * PEM header and footer were found
+                 */
+                buflen -= use_len;
+                buf += use_len;
+
                if( first_error == 0 )
                    first_error = ret;