From 9ddf2fb3768e87cc1f6dbb181261d68f266f4327 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Miko=C5=82aj=20Siedlarek?=
Date: Sat, 4 Oct 2014 10:58:09 +0200
Subject: [PATCH] Prevent parsing of SSL certificates from 0-size buffers.

When QSslCertificatePrivate::certificatesFromDer() was passed count == -1 to extract unlimied number of certificates from buffer, it also tried to parse the 0-sized fragment after the last certificate. This has caused d2i_X509() to report an error on latest OpenSSL.

Task-number: QTBUG-41774
Change-Id: Ifa36b7ac5b4236bd2fb53b9d7fe53c5db3cb078c
Reviewed-by: Peter Hartmann
---
 src/network/ssl/qsslcertificate_openssl.cpp | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/network/ssl/qsslcertificate_openssl.cpp b/src/network/ssl/qsslcertificate_openssl.cpp
index 664f5eba08f..850654835da 100644
--- a/src/network/ssl/qsslcertificate_openssl.cpp
+++ b/src/network/ssl/qsslcertificate_openssl.cpp
@@ -683,7 +683,7 @@ QList QSslCertificatePrivate::certificatesFromDer(const QByteAr
 #endif
 int size = der.size();
- while (count == -1 || certificates.size() < count) {
+ while (size > 0 && (count == -1 || certificates.size() < count)) {
 if (X509 *x509 = q_d2i_X509(0, &data, size)) {
 certificates << QSslCertificate_from_X509(x509);
 q_X509_free(x509);
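Review bot: The new `size > 0` guard in the `while` condition has no comment saying why it is there, and its correctness depends on how `size` is updated after each `q_d2i_X509` call, which happens outside this hunk. I would add `// Stop at end of buffer: d2i_X509() on a 0-length remainder reports an error on newer OpenSSL (QTBUG-41774).` above the loop. Since `q_d2i_X509` advances `data`, it is worth confirming that the remaining length is derived from the bytes actually consumed, so the guard neither stops early nor lets the parser read past the end of `der`. The diffstat shows no autotest change; a case with `count == -1` and a buffer that ends exactly after the last certificate would pin this behaviour. The loop body continues past the end of the hunk.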