From 3a430522dac3c164fbbd69960114a971134172ec Mon Sep 17 00:00:00 2001 From: Jacob Barthelmeh Date: Mon, 8 Jun 2020 14:23:40 -0600 Subject: [PATCH] fix error checking when parsing a PKCS12 DER into an internal structure --- wolfcrypt/src/pkcs12.c | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) diff --git a/wolfcrypt/src/pkcs12.c b/wolfcrypt/src/pkcs12.c index 8ae500417..21cbebaf2 100644 --- a/wolfcrypt/src/pkcs12.c +++ b/wolfcrypt/src/pkcs12.c @@ -190,6 +190,7 @@ void wc_PKCS12_free(WC_PKCS12* pkcs12) } +/* return 0 on success */ static int GetSafeContent(WC_PKCS12* pkcs12, const byte* input, word32* idx, int maxIdx) { @@ -228,7 +229,7 @@ static int GetSafeContent(WC_PKCS12* pkcs12, const byte* input, } if ((ret = GetLength(input, &localIdx, &size, maxIdx)) <= 0) { freeSafe(safe, pkcs12->heap); - return ret; + return ASN_PARSE_E; } switch (oid) { @@ -251,7 +252,7 @@ static int GetSafeContent(WC_PKCS12* pkcs12, const byte* input, } if ((ret = GetLength(input, &localIdx, &size, maxIdx)) <= 0) { freeSafe(safe, pkcs12->heap); - return ret; + return ASN_PARSE_E; } break; @@ -350,7 +351,8 @@ static int GetSafeContent(WC_PKCS12* pkcs12, const byte* input, } -/* optional mac data */ +/* parse optional mac data + * return 0 on success */ static int GetSignData(WC_PKCS12* pkcs12, const byte* mem, word32* idx, word32 totalSz) { @@ -366,7 +368,7 @@ static int GetSignData(WC_PKCS12* pkcs12, const byte* mem, word32* idx, */ if ((ret = GetSequence(mem, &curIdx, &size, totalSz)) <= 0) { WOLFSSL_MSG("Failed to get PKCS12 sequence"); - return ret; + return ASN_PARSE_E; } #ifdef WOLFSSL_DEBUG_PKCS12 @@ -405,7 +407,7 @@ static int GetSignData(WC_PKCS12* pkcs12, const byte* mem, word32* idx, if ((ret = GetLength(mem, &curIdx, &size, totalSz)) <= 0) { XFREE(mac, pkcs12->heap, DYNAMIC_TYPE_PKCS); - return ret; + return ASN_PARSE_E; } mac->digestSz = size; mac->digest = (byte*)XMALLOC(mac->digestSz, pkcs12->heap, 
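Review bot: The new header comments on GetSafeContent (hunk at -190) and GetSignData (hunk at -350) document only the success value, although the point of this commit is that a failure must never be reported as 0. I would state the failure side as well, for example `/* return 0 on success, negative error value (e.g. ASN_PARSE_E) on failure */`. Both function bodies continue outside their hunks, so whether other negative codes can still be returned is not visible here and should be confirmed before wording the comment more narrowly.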
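Review bot: Three of the changed failure paths return ASN_PARSE_E without logging anything: the two GetLength checks in GetSafeContent (hunks at -228 and -251) and the GetLength check in GetSignData (hunk at -405). Now that every path returns the same code, the log message is the only thing that tells a maintainer which parse step rejected the input, and the GetSequence paths at -366 and -637 already emit one. I would add a line such as `WOLFSSL_MSG("Failed to get PKCS12 length");` ahead of the cleanup call in each of those three branches. The enclosing functions start and end outside these hunks.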
@@ -637,7 +639,7 @@ int wc_d2i_PKCS12(const byte* der, word32 derSz, WC_PKCS12* pkcs12) totalSz = derSz; if ((ret = GetSequence(der, &idx, &size, totalSz)) <= 0) { WOLFSSL_MSG("Failed to get PKCS12 sequence"); - return ret; + return ASN_PARSE_E; } /* get version */
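Review bot: Nothing in this commit pins the behaviour that this branch of wc_d2i_PKCS12 fixes, since the diffstat lists only wolfcrypt/src/pkcs12.c. The case that used to slip through is GetSequence returning 0 (presumably an outer SEQUENCE with length zero), where the old `return ret;` reported success to the caller. A unit test that feeds such a buffer to wc_d2i_PKCS12 and asserts the result is ASN_PARSE_E would keep this from regressing. The same shape of test applies to the GetLength and GetSequence paths changed in GetSafeContent and GetSignData. The function body continues outside the hunk.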