From 41baa1b274bc3870ce7bbce17b23f6e0820a1a93 Mon Sep 17 00:00:00 2001
From: tb <>
Date: Fri, 24 Dec 2021 01:56:08 +0000
Subject: Turn assert in X509v3_addr_canonize() into an error check.

All internal callers check the return value and future external
callers will be happy not to hit an assert from the library.

ok jsing
---
 src/lib/libcrypto/x509/x509_addr.c | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/src/lib/libcrypto/x509/x509_addr.c b/src/lib/libcrypto/x509/x509_addr.c
index 266562fd9a..894dfff501 100644
--- a/src/lib/libcrypto/x509/x509_addr.c
+++ b/src/lib/libcrypto/x509/x509_addr.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: x509_addr.c,v 1.22 2021/12/23 23:48:38 tb Exp $ */
+/*	$OpenBSD: x509_addr.c,v 1.23 2021/12/24 01:56:08 tb Exp $ */
 /*
  * Contributed to the OpenSSL Project by the American Registry for
  * Internet Numbers ("ARIN").
@@ -1145,6 +1145,7 @@ int
 X509v3_addr_canonize(IPAddrBlocks *addr)
 {
 	int i;
+
 	for (i = 0; i < sk_IPAddressFamily_num(addr); i++) {
 		IPAddressFamily *f = sk_IPAddressFamily_value(addr, i);
 		if (f->ipAddressChoice->type ==
@@ -1153,10 +1154,11 @@ X509v3_addr_canonize(IPAddrBlocks *addr)
 		    X509v3_addr_get_afi(f)))
 			return 0;
 	}
+
 	(void)sk_IPAddressFamily_set_cmp_func(addr, IPAddressFamily_cmp);
 	sk_IPAddressFamily_sort(addr);
-	OPENSSL_assert(X509v3_addr_is_canonical(addr));
-	return 1;
+
+	return X509v3_addr_is_canonical(addr);
 }
 
 /*
-- 
cgit v1.2.3-55-g6feb