gnutls_x509_crt_get_extension_data: will return zero if data is NULL and memory buffer size is not sufficient.

1 files changed, 8 insertions, 3 deletions

diff --git a/lib/x509/x509.c b/lib/x509/x509.c
index f1f581a4e2..0ceb46106e 100644
--- a/lib/x509/x509.c
+++ b/lib/x509/x509.c
@@ -2037,7 +2037,7 @@ gnutls_x509_crt_get_extension_info(gnutls_x509_crt_t cert, int indx,
  * @cert: should contain a #gnutls_x509_crt_t structure
  * @indx: Specifies which extension OID to send. Use (0) to get the first one.
  * @data: a pointer to a structure to hold the data (may be null)
- * @sizeof_data: initially holds the size of @oid
+ * @sizeof_data: initially holds the size of @data
  *
  * This function will return the requested extension data in the
  * certificate.  The extension data will be stored in the
@@ -2072,9 +2072,14 @@ gnutls_x509_crt_get_extension_data(gnutls_x509_crt_t cert, int indx,
 	result = asn1_read_value(cert->cert, name, data, &len);
 	*sizeof_data = len;
 
-	if (result == ASN1_ELEMENT_NOT_FOUND)
+	if (result == ASN1_ELEMENT_NOT_FOUND) {
 		return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
-	else if (result != ASN1_SUCCESS) {
+	} else if (result == ASN1_MEM_ERROR && data == NULL) {
+		/* normally we should return GNUTLS_E_SHORT_MEMORY_BUFFER,
+		 * but we haven't done that for long time, so use
+		 * backwards compatible behavior */
+		return 0;
+	} else if (result != ASN1_SUCCESS) {
 		gnutls_assert();
 		return _gnutls_asn2err(result);
 	}