Defensively avoid assuming d2i functions don't advance on error.

Although the previous commit should ensure this doesn't happen, the
uint8_t** pattern is very error-prone and we're trying to avoid doing
much to the legacy ASN.1 stack. To that end, maintaining the strong
exception guarantee w.r.t. the input pointer-pointer is best effort and
we won't rely on it, so we needn't spend our time chasing down problems.

Change-Id: Ib78974eb94377fe0b0b379f57d9695dc81f344bb
Reviewed-on: https://boringssl-review.googlesource.com/5949
Reviewed-by: Adam Langley <agl@google.com>
diff --git a/crypto/evp/evp_asn1.c b/crypto/evp/evp_asn1.c
index 08956e1..c57f411 100644
--- a/crypto/evp/evp_asn1.c
+++ b/crypto/evp/evp_asn1.c
@@ -87,6 +87,8 @@
   if (!ret->ameth->old_priv_decode ||
       !ret->ameth->old_priv_decode(ret, &in, len)) {
     if (ret->ameth->priv_decode) {
+      /* Reset |in| in case |old_priv_decode| advanced it on error. */
+      in = *inp;
       PKCS8_PRIV_KEY_INFO *p8 = d2i_PKCS8_PRIV_KEY_INFO(NULL, &in, len);
       if (!p8) {
         goto err;
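Review bot: the reset `in = *inp;` sits ahead of the `PKCS8_PRIV_KEY_INFO *p8 = ...` declaration inside the `if (ret->ameth->priv_decode)` block, so that block now has a declaration following a statement. If this file is expected to build with compilers that reject mixed declarations and code, declare `p8` first and assign it after the reset, or hoist the reset above the `if (ret->ameth->priv_decode)` line. The reset also runs when `old_priv_decode` is NULL and was never called; that is harmless, but the comment reads as if it only applies after a failed call, so wording it as unconditional would be more accurate. Since the same `len` is passed to `d2i_PKCS8_PRIV_KEY_INFO`, the fallback is only correct while `in` points at the start of the input, which is a reason to keep the reset immediately next to that call.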