commit 754106713fd349be267ec0dfe6f4f8a97c1b3cdb
author Alexandre Savard <alexandre.savard@savoirfairelinux.com> Wed Aug 08 09:50:01 2012 -0400
committer Alexandre Savard <alexandre.savard@savoirfairelinux.com> Wed Aug 08 09:50:01 2012 -0400
tree 767702dc681aea550f7c8c626e936e019981b7dc
parent ace91efcc58b8704c3e8e9c03e33afc1a59aecc3

#14465: Update openssl to tag android-4.0.4_r2.1

jni/openssl/crypto/asn1/a_d2i_fp.c

diff --git a/jni/openssl/crypto/asn1/a_d2i_fp.c b/jni/openssl/crypto/asn1/a_d2i_fp.c
index 52b2ebd..ece40bc 100644
--- a/jni/openssl/crypto/asn1/a_d2i_fp.c
+++ b/jni/openssl/crypto/asn1/a_d2i_fp.c
@@ -57,7 +57,6 @@
  */
 
 #include <stdio.h>
-#include <limits.h>
 #include "cryptlib.h"
 #include <openssl/buffer.h>
 #include <openssl/asn1_mac.h>
@@ -144,11 +143,17 @@
 	BUF_MEM *b;
 	unsigned char *p;
 	int i;
+	int ret=-1;
 	ASN1_const_CTX c;
-	size_t want=HEADER_SIZE;
+	int want=HEADER_SIZE;
 	int eos=0;
-	size_t off=0;
-	size_t len=0;
+#if defined(__GNUC__) && defined(__ia64)
+	/* pathetic compiler bug in all known versions as of Nov. 2002 */
+	long off=0;
+#else
+	int off=0;
+#endif
+	int len=0;
 
 	b=BUF_MEM_new();
 	if (b == NULL)
@@ -164,7 +169,7 @@
 			{
 			want-=(len-off);
 
-			if (len + want < len || !BUF_MEM_grow_clean(b,len+want))
+			if (!BUF_MEM_grow_clean(b,len+want))
 				{
 				ASN1err(ASN1_F_ASN1_D2I_READ_BIO,ERR_R_MALLOC_FAILURE);
 				goto err;
@@ -176,14 +181,7 @@
 				goto err;
 				}
 			if (i > 0)
-				{
-				if (len+i < len)
-					{
-					ASN1err(ASN1_F_ASN1_D2I_READ_BIO,ASN1_R_TOO_LONG);
-					goto err;
-					}
 				len+=i;
-				}
 			}
 		/* else data already loaded */
 
@@ -208,11 +206,6 @@
 			{
 			/* no data body so go round again */
 			eos++;
-			if (eos < 0)
-				{
-				ASN1err(ASN1_F_ASN1_D2I_READ_BIO,ASN1_R_HEADER_TOO_LONG);
-				goto err;
-				}
 			want=HEADER_SIZE;
 			}
 		else if (eos && (c.slen == 0) && (c.tag == V_ASN1_EOC))
@@ -227,16 +220,10 @@
 		else 
 			{
 			/* suck in c.slen bytes of data */
-			want=c.slen;
+			want=(int)c.slen;
 			if (want > (len-off))
 				{
 				want-=(len-off);
-				if (want > INT_MAX /* BIO_read takes an int length */ ||
-					len+want < len)
-						{
-						ASN1err(ASN1_F_ASN1_D2I_READ_BIO,ASN1_R_TOO_LONG);
-						goto err;
-						}
 				if (!BUF_MEM_grow_clean(b,len+want))
 					{
 					ASN1err(ASN1_F_ASN1_D2I_READ_BIO,ERR_R_MALLOC_FAILURE);
@@ -251,18 +238,11 @@
 						    ASN1_R_NOT_ENOUGH_DATA);
 						goto err;
 						}
-					/* This can't overflow because
-					 * |len+want| didn't overflow. */
 					len+=i;
-					want-=i;
+					want -= i;
 					}
 				}
-			if (off + c.slen < off)
-				{
-				ASN1err(ASN1_F_ASN1_D2I_READ_BIO,ASN1_R_TOO_LONG);
-				goto err;
-				}
-			off+=c.slen;
+			off+=(int)c.slen;
 			if (eos <= 0)
 				{
 				break;
@@ -272,15 +252,9 @@
 			}
 		}
 
-	if (off > INT_MAX)
-		{
-		ASN1err(ASN1_F_ASN1_D2I_READ_BIO,ASN1_R_TOO_LONG);
-		goto err;
-		}
-
 	*pb = b;
 	return off;
 err:
 	if (b != NULL) BUF_MEM_free(b);
-	return -1;
+	return(ret);
 	}