Deassert X509_policy_check()

Instead of asserting that i == num_certs - 2, simply make that an error check. with beck ok jsing
author: tb <> 2023-04-28 15:27:15 +0000
committer: tb <> 2023-04-28 15:27:15 +0000
commit: 66d5d7d5b34bf542137abdb15c68ec1be3f500d7 (patch)
tree: 71cce4df52423594dfbf0db073e0b1c965f6415a
parent: 94f494cef30a7803f4fded9f2a5895a46c0b136b (diff)
download: openbsd-66d5d7d5b34bf542137abdb15c68ec1be3f500d7.tar.gz
openbsd-66d5d7d5b34bf542137abdb15c68ec1be3f500d7.tar.bz2
openbsd-66d5d7d5b34bf542137abdb15c68ec1be3f500d7.zip
1 files changed, 3 insertions, 2 deletions
diff --git a/src/lib/libcrypto/x509/x509_policy.c b/src/lib/libcrypto/x509/x509_policy.c
index 0f60a11c77..c2ef47aa0f 100644
--- a/src/lib/libcrypto/x509/x509_policy.c
+++ b/src/lib/libcrypto/x509/x509_policy.c
@@ -1,4 +1,4 @@
-/*      $OpenBSD: x509_policy.c,v 1.18 2023/04/28 15:21:22 tb Exp $ */
+/*      $OpenBSD: x509_policy.c,v 1.19 2023/04/28 15:27:15 tb Exp $ */
 /*
 * Copyright (c) 2022, Google Inc.
 *
@@ -899,7 +899,8 @@ X509_policy_check(const STACK_OF(X509) *certs,
                is_self_issued = (cert->ex_flags & EXFLAG_SI) != 0;
                if (level == NULL) {
-                        assert(i == num_certs - 2);
+                        if (i != num_certs - 2)
+                                goto err;
                        level = x509_policy_level_new();
                        if (level == NULL)
                                goto err;
author	tb <>	2023-04-28 15:27:15 +0000
committer	tb <>	2023-04-28 15:27:15 +0000
commit	66d5d7d5b34bf542137abdb15c68ec1be3f500d7 (patch)
tree	71cce4df52423594dfbf0db073e0b1c965f6415a
parent	94f494cef30a7803f4fded9f2a5895a46c0b136b (diff)
download	openbsd-66d5d7d5b34bf542137abdb15c68ec1be3f500d7.tar.gz openbsd-66d5d7d5b34bf542137abdb15c68ec1be3f500d7.tar.bz2 openbsd-66d5d7d5b34bf542137abdb15c68ec1be3f500d7.zip