From 8e89e645540c54fce34ae390cff89048ce9767ed Mon Sep 17 00:00:00 2001
From: Adam Langley <agl@chromium.org>
Date: Wed, 6 Aug 2014 16:01:44 -0700
Subject: [PATCH] bytestring: fix ASN.1 data longer than 127 bytes.

When shifting data because extra ASN.1 length bytes were needed, the
data was moved from the start of the ASN.1 length, not the start of the
ASN.1 data.

Change-Id: Ib13d5e4e878774df2af0505c0297eff6cf781728
Reviewed-on: https://boringssl-review.googlesource.com/1430
Reviewed-by: David Benjamin <davidben@chromium.org>
Reviewed-by: Adam Langley <agl@google.com>
---
 crypto/bytestring/bytestring_test.c | 14 ++++++++++----
 crypto/bytestring/cbb.c             |  8 ++++++--
 2 files changed, 16 insertions(+), 6 deletions(-)

diff --git a/crypto/bytestring/bytestring_test.c b/crypto/bytestring/bytestring_test.c
index fbfe61bf..e02eeaa5 100644
--- a/crypto/bytestring/bytestring_test.c
+++ b/crypto/bytestring/bytestring_test.c
@@ -346,7 +346,8 @@ static int test_cbb_asn1() {
   }
   free(buf);
 
-  test_data = calloc(1, 100000);
+  test_data = malloc(100000);
+  memset(test_data, 0x42, 100000);
 
   if (!CBB_init(&cbb, 0) ||
       !CBB_add_asn1(&cbb, &contents, 0x30) ||
@@ -355,7 +356,9 @@ static int test_cbb_asn1() {
     return 0;
   }
 
-  if (buf_len != 3 + 130 || memcmp(buf, "\x30\x81\x82", 3) != 0) {
+  if (buf_len != 3 + 130 ||
+      memcmp(buf, "\x30\x81\x82", 3) != 0 ||
+      memcmp(buf + 3, test_data, 130) != 0) {
     return 0;
   }
   free(buf);
@@ -367,7 +370,9 @@ static int test_cbb_asn1() {
     return 0;
   }
 
-  if (buf_len != 4 + 1000 || memcmp(buf, "\x30\x82\x03\xe8", 4) != 0) {
+  if (buf_len != 4 + 1000 ||
+      memcmp(buf, "\x30\x82\x03\xe8", 4) != 0 ||
+      memcmp(buf + 4, test_data, 1000)) {
     return 0;
   }
   free(buf);
@@ -381,7 +386,8 @@ static int test_cbb_asn1() {
   }
 
   if (buf_len != 5 + 5 + 100000 ||
-      memcmp(buf, "\x30\x83\x01\x86\xa5\x30\x83\x01\x86\xa0", 10) != 0) {
+      memcmp(buf, "\x30\x83\x01\x86\xa5\x30\x83\x01\x86\xa0", 10) != 0 ||
+      memcmp(buf + 10, test_data, 100000)) {
     return 0;
   }
   free(buf);
diff --git a/crypto/bytestring/cbb.c b/crypto/bytestring/cbb.c
index 3e35d5d5..850fa02b 100644
--- a/crypto/bytestring/cbb.c
+++ b/crypto/bytestring/cbb.c
@@ -14,6 +14,8 @@
 
 #include <openssl/bytestring.h>
 
+#include <assert.h>
+
 #include <openssl/mem.h>
 
 
@@ -174,6 +176,8 @@ int CBB_flush(CBB *cbb) {
     size_t len_len;
     uint8_t initial_length_byte;
 
+    assert (cbb->pending_len_len == 1);
+
     if (len > 0xfffffffe) {
       /* Too large. */
       return 0;
@@ -201,8 +205,8 @@ int CBB_flush(CBB *cbb) {
       if (!cbb_buffer_add(cbb->base, NULL, extra_bytes)) {
         return 0;
       }
-      memmove(cbb->base->buf + cbb->offset + extra_bytes,
-              cbb->base->buf + cbb->offset, len);
+      memmove(cbb->base->buf + child_start + extra_bytes,
+              cbb->base->buf + child_start, len);
     }
     cbb->base->buf[cbb->offset++] = initial_length_byte;
     cbb->pending_len_len = len_len - 1;