diff options
| author | tb <> | 2023-04-28 15:27:15 +0000 |
|---|---|---|
| committer | tb <> | 2023-04-28 15:27:15 +0000 |
| commit | 820a4d15a33384a359895de6c354c2a6c399de7c (patch) | |
| tree | 71cce4df52423594dfbf0db073e0b1c965f6415a /src/lib/libcrypto | |
| parent | 811c33367c0d3eada321a60a930d7effbeebbf1c (diff) | |
| download | openbsd-820a4d15a33384a359895de6c354c2a6c399de7c.tar.gz openbsd-820a4d15a33384a359895de6c354c2a6c399de7c.tar.bz2 openbsd-820a4d15a33384a359895de6c354c2a6c399de7c.zip | |
Deassert X509_policy_check()
Instead of asserting that i == num_certs - 2, simply make that an error
check.
with beck
ok jsing
Diffstat (limited to 'src/lib/libcrypto')
| -rw-r--r-- | src/lib/libcrypto/x509/x509_policy.c | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/src/lib/libcrypto/x509/x509_policy.c b/src/lib/libcrypto/x509/x509_policy.c index 0f60a11c77..c2ef47aa0f 100644 --- a/src/lib/libcrypto/x509/x509_policy.c +++ b/src/lib/libcrypto/x509/x509_policy.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: x509_policy.c,v 1.18 2023/04/28 15:21:22 tb Exp $ */ | 1 | /* $OpenBSD: x509_policy.c,v 1.19 2023/04/28 15:27:15 tb Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Copyright (c) 2022, Google Inc. | 3 | * Copyright (c) 2022, Google Inc. |
| 4 | * | 4 | * |
| @@ -899,7 +899,8 @@ X509_policy_check(const STACK_OF(X509) *certs, | |||
| 899 | is_self_issued = (cert->ex_flags & EXFLAG_SI) != 0; | 899 | is_self_issued = (cert->ex_flags & EXFLAG_SI) != 0; |
| 900 | 900 | ||
| 901 | if (level == NULL) { | 901 | if (level == NULL) { |
| 902 | assert(i == num_certs - 2); | 902 | if (i != num_certs - 2) |
| 903 | goto err; | ||
| 903 | level = x509_policy_level_new(); | 904 | level = x509_policy_level_new(); |
| 904 | if (level == NULL) | 905 | if (level == NULL) |
| 905 | goto err; | 906 | goto err; |