fix bug introduced on review where refactor made it possible to

eat a NULL. found by clang static analyzer ok tb@
author: beck <> 2020-09-14 08:56:32 +0000
committer: beck <> 2020-09-14 08:56:32 +0000
commit: 0a14eafb1337298d0faaaab43e42be9ce3c65279 (patch)
tree: c17ef250edeb05ed14fb6629e40fa7c01ad78a9c /src/lib
parent: b2df50a3d7682fa5e94277c6dc12050205ba854c (diff)
download: openbsd-0a14eafb1337298d0faaaab43e42be9ce3c65279.tar.gz
openbsd-0a14eafb1337298d0faaaab43e42be9ce3c65279.tar.bz2
openbsd-0a14eafb1337298d0faaaab43e42be9ce3c65279.zip
1 files changed, 2 insertions, 2 deletions
diff --git a/src/lib/libcrypto/x509/x509_verify.c b/src/lib/libcrypto/x509/x509_verify.c
index aeab03ffc2..6179d19cae 100644
--- a/src/lib/libcrypto/x509/x509_verify.c
+++ b/src/lib/libcrypto/x509/x509_verify.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: x509_verify.c,v 1.2 2020/09/14 08:06:09 beck Exp $ */
+/* $OpenBSD: x509_verify.c,v 1.3 2020/09/14 08:56:32 beck Exp $ */
 /*
 * Copyright (c) 2020 Bob Beck <beck@openbsd.org>
 *
@@ -646,7 +646,7 @@ x509_verify_cert_valid(struct x509_verify_ctx *ctx, X509 *cert,
        int should_be_ca = current_chain != NULL;
        size_t depth = 0;
-        if (!should_be_ca)
+        if (current_chain != NULL)
                depth = sk_X509_num(current_chain->certs);
        if (!x509_verify_cert_extensions(ctx, cert, should_be_ca))
author	beck <>	2020-09-14 08:56:32 +0000
committer	beck <>	2020-09-14 08:56:32 +0000
commit	0a14eafb1337298d0faaaab43e42be9ce3c65279 (patch)
tree	c17ef250edeb05ed14fb6629e40fa7c01ad78a9c /src/lib
parent	b2df50a3d7682fa5e94277c6dc12050205ba854c (diff)
download	openbsd-0a14eafb1337298d0faaaab43e42be9ce3c65279.tar.gz openbsd-0a14eafb1337298d0faaaab43e42be9ce3c65279.tar.bz2 openbsd-0a14eafb1337298d0faaaab43e42be9ce3c65279.zip

diff --git a/src/lib/libcrypto/x509/x509_verify.c b/src/lib/libcrypto/x509/x509_verify.c index aeab03ffc2..6179d19cae 100644 --- a/src/lib/libcrypto/x509/x509_verify.c +++ b/src/lib/libcrypto/x509/x509_verify.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: x509_verify.c,v 1.2 2020/09/14 08:06:09 beck Exp $ */	1	/* $OpenBSD: x509_verify.c,v 1.3 2020/09/14 08:56:32 beck Exp $ */
2	/*	2	/*
3	* Copyright (c) 2020 Bob Beck <beck@openbsd.org>	3	* Copyright (c) 2020 Bob Beck <beck@openbsd.org>
4	*	4	*
@@ -646,7 +646,7 @@ x509_verify_cert_valid(struct x509_verify_ctx ctx, X509 cert,
646	int should_be_ca = current_chain != NULL;	646	int should_be_ca = current_chain != NULL;
647	size_t depth = 0;	647	size_t depth = 0;
648		648
649	if (!should_be_ca)	649	if (current_chain != NULL)
650	depth = sk_X509_num(current_chain->certs);	650	depth = sk_X509_num(current_chain->certs);
651		651
652	if (!x509_verify_cert_extensions(ctx, cert, should_be_ca))	652	if (!x509_verify_cert_extensions(ctx, cert, should_be_ca))