authorjsing <>2016-11-04 15:32:40 +0000
committerjsing <>2016-11-04 15:32:40 +0000
commit03126b95d2a473604e960ba32c4e0237f4ae4e89 (patch)
treed680421dae2235d5c142389632653c69129bd616
parente23d00ab37299e14c06d5d2b599a3793e3d0575c (diff)
Avoid signed vs unsigned comparisons.
ok miod@
-rw-r--r--src/lib/libtls/tls_verify.c7
1 files changed, 4 insertions, 3 deletions
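diff --git a/src/lib/libtls/tls_verify.c b/src/lib/libtls/tls_verify.c
index e1073e863a..23e58ebef7 100644
--- a/src/lib/libtls/tls_verify.c
+++ b/src/lib/libtls/tls_verify.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls_verify.c,v 1.17 2016/09/04 12:26:43 bcook Exp $ */
+/* $OpenBSD: tls_verify.c,v 1.18 2016/11/04 15:32:40 jsing Exp $ */
 /*
  * Copyright (c) 2014 Jeremie Courreges-Anglas <jca@openbsd.org>
  *
@@ -127,7 +127,7 @@ tls_check_subject_altname(struct tls *ctx, X509 *cert, const char *name)
  data = ASN1_STRING_data(altname->d.dNSName);
  len = ASN1_STRING_length(altname->d.dNSName);
 
- if (len < 0 || len != strlen(data)) {
+ if (len < 0 || (size_t)len != strlen(data)) {
  tls_set_errorx(ctx,
  "error verifying name '%s': "
  "NUL byte in subjectAltName, "
@@ -220,7 +220,8 @@ tls_check_common_name(struct tls *ctx, X509 *cert, const char *name)
  common_name_len + 1);
 
  /* NUL bytes in CN? */
- if (common_name_len != strlen(common_name)) {
+ if (common_name_len < 0 ||
+ (size_t)common_name_len != strlen(common_name)) {
  tls_set_errorx(ctx, "error verifying name '%s': "
  "NUL byte in Common Name field, "
  "probably a malicious certificate", name);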
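Review bot: The new `common_name_len < 0` test in tls_check_common_name runs only after `common_name_len + 1` has already been passed as a size in the call that ends on the line above it, so it cannot protect that earlier use. The function body starts and ends outside this hunk, so an earlier rejection of a negative length may exist but is not visible here. If it does exist, the added test only makes the `(size_t)` cast safe and deserves a comment such as `/* length already rejected if negative above; repeated so the cast cannot wrap */`. If it does not, the check belongs before the buffer is sized and filled. In tls_check_subject_altname the guard and the cast sit together right after `len` is read, which is the clearer arrangement.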