From 7bdac59ad7152a6e6584deb04ab7150c5b3fbe37 Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Tue, 29 Aug 2017 17:29:33 +0100 Subject: [PATCH] Add missing return in x509_ocsp_get_response() Add missing return statement in x509_ocsp_get_response() that would otherwise allow the code to continue executing even though a parsing failure has already been found. --- library/x509_ocsp.c | 1 + 1 file changed, 1 insertion(+) diff --git a/library/x509_ocsp.c b/library/x509_ocsp.c index dbd0b7ac4e..fdf4d7998e 100644 --- a/library/x509_ocsp.c +++ b/library/x509_ocsp.c @@ -924,6 +924,7 @@ static int x509_ocsp_get_response( mbedtls_x509_ocsp_response *resp, */ if( ( ret = mbedtls_asn1_get_tag( p, end, &len, MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 ) + return( MBEDTLS_ERR_X509_INVALID_FORMAT + ret ); end = *p + len;