diff --git a/crypto/x509/x509_test.cc b/crypto/x509/x509_test.cc
index b6ba2e69..c39d98d9 100644
--- a/crypto/x509/x509_test.cc
+++ b/crypto/x509/x509_test.cc
@@ -782,7 +782,7 @@ static bool TestFromBuffer() {
 return false;
 }
- bssl::UniquePtr root(d2i_X509_from_buffer(buf.get()));
+ bssl::UniquePtr root(X509_parse_from_buffer(buf.get()));
 if (!root) {
 return false;
 }
@@ -824,7 +824,7 @@ static bool TestFromBufferTrailingData() {
 }
 bssl::UniquePtr root_trailing_data(
- d2i_X509_from_buffer(buf_trailing_data.get()));
+ X509_parse_from_buffer(buf_trailing_data.get()));
 if (root_trailing_data) {
 fprintf(stderr, "TestFromBuffer: trailing data was not rejected.\n");
 return false;
@@ -846,7 +846,7 @@ static bool TestFromBufferModified() {
 return false;
 }
- bssl::UniquePtr root(d2i_X509_from_buffer(buf.get()));
+ bssl::UniquePtr root(X509_parse_from_buffer(buf.get()));
 if (!root) {
 return false;
 }
@@ -857,8 +857,8 @@ static bool TestFromBufferModified() {
 if (i2d_X509(root.get(), nullptr) != static_cast(data_len)) {
 fprintf(stderr,
- "TestFromBuffer: i2d_X509 gives different answer before marking as "
- "modified.\n");
+ "TestFromBufferModified: i2d_X509 gives different answer before "
+ "marking as modified.\n");
 return false;
 }
@@ -866,8 +866,8 @@ static bool TestFromBufferModified() {
 if (i2d_X509(root.get(), nullptr) == static_cast(data_len)) {
 fprintf(stderr,
- "TestFromBuffer: i2d_X509 gives same answer after marking as "
- "modified.\n");
+ "TestFromBufferModified: i2d_X509 gives same answer after marking "
+ "as modified.\n");
 return false;
 }
@@ -887,7 +887,7 @@ static bool TestFromBufferReused() {
 return false;
 }
- bssl::UniquePtr root(d2i_X509_from_buffer(buf.get()));
+ bssl::UniquePtr root(X509_parse_from_buffer(buf.get()));
 if (!root) {
 return false;
 }
@@ -903,7 +903,13 @@ static bool TestFromBufferReused() {
 X509 *ret = d2i_X509(&x509p, &inp, data2_len);
 if (ret != root.get()) {
 fprintf(stderr,
- "TestFromBuffer: d2i_X509 parsed into a different object.\n");
+ "TestFromBufferReused: d2i_X509 parsed into a different object.\n");
+ return false;
+ }
+
+ if (root->buf != nullptr) {
+ fprintf(stderr,
+ "TestFromBufferReused: d2i_X509 didn't clear |buf| pointer.\n");
 return false;
 }
@@ -911,19 +917,18 @@ static bool TestFromBufferReused() {
 // following will trigger a use-after-free.
 data2.reset();
- const long i2d_len = i2d_X509(root.get(), nullptr);
+ uint8_t *i2d = nullptr;
+ int i2d_len = i2d_X509(root.get(), &i2d);
 if (i2d_len < 0) {
 return false;
 }
- std::unique_ptr i2d(new uint8_t[i2d_len]);
- uint8_t *outp = i2d.get();
- i2d_X509(root.get(), &outp);
+ bssl::UniquePtr i2d_storage(i2d);
 if (!PEMToDER(&data2, &data2_len, kLeafPEM)) {
 return false;
 }
 if (i2d_len != static_cast(data2_len) ||
- memcmp(data2.get(), i2d.get(), i2d_len) != 0) {
+ memcmp(data2.get(), i2d, i2d_len) != 0) {
 fprintf(stderr, "TestFromBufferReused: i2d gave wrong result.\n");
 return false;
 }
diff --git a/crypto/x509/x_x509.c b/crypto/x509/x_x509.c
index e2a65ff9..845d4b28 100644
--- a/crypto/x509/x_x509.c
+++ b/crypto/x509/x_x509.c
@@ -150,7 +150,7 @@ IMPLEMENT_ASN1_FUNCTIONS(X509)
 IMPLEMENT_ASN1_DUP_FUNCTION(X509)
-X509 *d2i_X509_from_buffer(CRYPTO_BUFFER *buf) {
+X509 *X509_parse_from_buffer(CRYPTO_BUFFER *buf) {
 X509 *x509 = X509_new();
 if (x509 == NULL) {
 return NULL;
diff --git a/include/openssl/x509.h b/include/openssl/x509.h
index a457b664..8f2e1c3a 100644
--- a/include/openssl/x509.h
+++ b/include/openssl/x509.h
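Review bot: The new `root->buf != nullptr` check in TestFromBufferReused (hunk at -903) has no comment explaining why a cleared pointer matters, and it only shows that the pointer was reset, not that the reference to the buffer was released. I would add `// After d2i_X509 reuses |root|, it must no longer borrow from the original CRYPTO_BUFFER.` above the check. Whether the reference is actually dropped would presumably only be caught by a leak checker, which is worth stating in the same comment. The body of TestFromBufferReused starts and ends outside this hunk.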
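Review bot: The `if (i2d_len < 0)` and `PEMToDER` failure paths in TestFromBufferReused (hunk at -911) return false without printing anything, so a serialisation failure after `data2.reset()` cannot be told apart from a setup failure in the log. I would add `fprintf(stderr, "TestFromBufferReused: i2d_X509 failed.\n");` before the first `return false;`. The raw `i2d` pointer is also handed to `i2d_storage` only after the length check; declaring `i2d_storage` on the line directly after the `i2d_X509` call keeps ownership obvious if that early return is ever moved. The use-after-free that the preceding comment describes is likely to be reported reliably only under a memory checker such as AddressSanitizer, so that comment could say the test depends on one. The function starts outside this hunk.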
@@ -638,11 +638,11 @@ OPENSSL_EXPORT int X509_NAME_digest(const X509_NAME *data,const EVP_MD *type,
 unsigned char *md, unsigned int *len);
 #endif
-/* d2i_X509_from_buffer parses an X.509 structure from |buf| and returns a
+/* X509_parse_from_buffer parses an X.509 structure from |buf| and returns a
 * fresh X509 or NULL on error. There must not be any trailing data in |buf|.
 * The returned structure (if any) holds a reference to |buf| rather than
 * copying parts of it as a normal |d2i_X509| call would do. */
-OPENSSL_EXPORT X509 *d2i_X509_from_buffer(CRYPTO_BUFFER *buf);
+OPENSSL_EXPORT X509 *X509_parse_from_buffer(CRYPTO_BUFFER *buf);
 #ifndef OPENSSL_NO_FP_API
 OPENSSL_EXPORT X509 *d2i_X509_fp(FILE *fp, X509 **x509);