Prevent parsing of SSL certificates from 0-size buffers.

When QSslCertificatePrivate::certificatesFromDer() was passed count ==
-1 to extract an unlimited number of certificates from the buffer, it also
tried to parse the 0-sized fragment after the last certificate.  This
caused d2i_X509() to report an error on the latest OpenSSL.

Task-number: QTBUG-41774
Change-Id: Ifa36b7ac5b4236bd2fb53b9d7fe53c5db3cb078c
Reviewed-by: Peter Hartmann <phartmann@blackberry.com>
Mikołaj Siedlarek 2014-10-04 10:58:09 +02:00
parent 5f1f955524
commit 9ddf2fb376


@ -683,7 +683,7 @@ QList<QSslCertificate> QSslCertificatePrivate::certificatesFromDer(const QByteAr
#endif
int size = der.size();
while (count == -1 || certificates.size() < count) {
while (size > 0 && (count == -1 || certificates.size() < count)) {
if (X509 *x509 = q_d2i_X509(0, &data, size)) {
certificates << QSslCertificate_from_X509(x509);
q_X509_free(x509);