- Added input handling for x509parse_crt()
 - Prevented memory leak by only adding new certificate if needed in x509parse_crt()
 - Add certificate before parsing if chain is 'full' in x509parse_crt()

library/x509parse.c

diff --git a/library/x509parse.c b/library/x509parse.c
index 9b68af4..2596559 100644
--- a/library/x509parse.c
+++ b/library/x509parse.c
@@ -657,10 +657,33 @@
 
     crt = chain;
 
-    while( crt->version != 0 )
+    /*
+     * Check for valid input
+     */
+    if( crt == NULL || buf == NULL )
+        return( 1 );
+
+    while( crt->version != 0 || crt->next != NULL )
         crt = crt->next;
 
     /*
+     * Add new certificate on the end of the chain if needed.
+     */
+    if ( crt->next == NULL)
+    {
+        crt->next = (x509_cert *) malloc( sizeof( x509_cert ) );
+
+	if( crt->next == NULL )
+	{
+            x509_free( crt );
+	    return( 1 );
+	}
+
+	crt = crt->next;
+	memset( crt, 0, sizeof( x509_cert ) );
+    }
+
+    /*
      * check if the certificate is encoded in base64
      */
     s1 = (unsigned char *) strstr( (char *) buf,
@@ -942,7 +965,7 @@
         return( ret );
     }
 
-    if( memcmp( crt->sig_oid1.p, crt->sig_oid2.p, 9 ) != 0 )
+    if( memcmp( crt->sig_oid1.p, crt->sig_oid2.p, crt->sig_oid1.len ) != 0 )
     {
           x509_free( crt );
         return( POLARSSL_ERR_X509_CERT_SIG_MISMATCH );
@@ -961,19 +984,21 @@
                 POLARSSL_ERR_ASN1_LENGTH_MISMATCH );
     }
 
-    crt->next = (x509_cert *) malloc( sizeof( x509_cert ) );
-
-    if( crt->next == NULL )
-    {
-          x509_free( crt );
-        return( 1 );
-    }
-
-    crt = crt->next;
-    memset( crt, 0, sizeof( x509_cert ) );
-
     if( buflen > 0 )
+    {
+        crt->next = (x509_cert *) malloc( sizeof( x509_cert ) );
+
+	if( crt->next == NULL )
+	{
+            x509_free( crt );
+	    return( 1 );
+	}
+
+	crt = crt->next;
+	memset( crt, 0, sizeof( x509_cert ) );
+
         return( x509parse_crt( crt, buf, buflen ) );
+    }
 
     return( 0 );
 }