(parse_pem_ca_mem): Handle reads beyond first certificate properly.

Reported by Dennis Vshivkov <walrus@amur.ru> in <http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=333050>.
author: Simon Josefsson <jas@mocca.josefsson.org> 2007-05-27 17:23:21 +0200
committer: Simon Josefsson <jas@mocca.josefsson.org> 2007-05-27 17:23:21 +0200
commit: 9ea2c0d9577baee58d8157ffb1debb430d256bba (patch)
tree: 0930c22998296d3a80b4711e6e54ef61c7c932f3 /lib/gnutls_x509.c
parent: eeccf7ae2bd5840a0ba5580fd0e74d50340033c0 (diff)
download: gnutls-9ea2c0d9577baee58d8157ffb1debb430d256bba.tar.gz
1 files changed, 3 insertions, 3 deletions
diff --git a/lib/gnutls_x509.c b/lib/gnutls_x509.c
index 5172cfb033..d4b66ac500 100644
--- a/lib/gnutls_x509.c
+++ b/lib/gnutls_x509.c
@@ -1153,21 +1153,21 @@ parse_pem_ca_mem (gnutls_x509_crt_t ** cert_list, unsigned *ncerts,
       /* now we move ptr after the pem header 
        */
       ptr++;
+      size--;
       /* find the next certificate (if any)
        */
 
-      size = input_cert_size - (ptr - input_cert);
-
       if (size > 0)
 	{
 	  char *ptr3;
 
 	  ptr3 = memmem (ptr, size, PEM_CERT_SEP, sizeof (PEM_CERT_SEP) - 1);
 	  if (ptr3 == NULL)
-	    ptr = memmem (ptr, size,
+	    ptr3 = memmem (ptr, size,
 			  PEM_CERT_SEP2, sizeof (PEM_CERT_SEP2) - 1);
 
 	  ptr = ptr3;
+	  size = input_cert_size - (ptr - input_cert);
 	}
       else
 	ptr = NULL;
author	Simon Josefsson <jas@mocca.josefsson.org>	2007-05-27 17:23:21 +0200
committer	Simon Josefsson <jas@mocca.josefsson.org>	2007-05-27 17:23:21 +0200
commit	9ea2c0d9577baee58d8157ffb1debb430d256bba (patch)
tree	0930c22998296d3a80b4711e6e54ef61c7c932f3 /lib/gnutls_x509.c
parent	eeccf7ae2bd5840a0ba5580fd0e74d50340033c0 (diff)
download	gnutls-9ea2c0d9577baee58d8157ffb1debb430d256bba.tar.gz