From 0a14eafb1337298d0faaaab43e42be9ce3c65279 Mon Sep 17 00:00:00 2001
From: beck <>
Date: Mon, 14 Sep 2020 08:56:32 +0000
Subject: fix bug introduced on review where refactor made it possible to eat a
 NULL.

found by clang static analyzer
ok tb@
---
 src/lib/libcrypto/x509/x509_verify.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'src/lib')

diff --git a/src/lib/libcrypto/x509/x509_verify.c b/src/lib/libcrypto/x509/x509_verify.c
index aeab03ffc2..6179d19cae 100644
--- a/src/lib/libcrypto/x509/x509_verify.c
+++ b/src/lib/libcrypto/x509/x509_verify.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: x509_verify.c,v 1.2 2020/09/14 08:06:09 beck Exp $ */
+/* $OpenBSD: x509_verify.c,v 1.3 2020/09/14 08:56:32 beck Exp $ */
 /*
  * Copyright (c) 2020 Bob Beck <beck@openbsd.org>
  *
@@ -646,7 +646,7 @@ x509_verify_cert_valid(struct x509_verify_ctx *ctx, X509 *cert,
 	int should_be_ca = current_chain != NULL;
 	size_t depth = 0;
 
-	if (!should_be_ca)
+	if (current_chain != NULL)
 		depth = sk_X509_num(current_chain->certs);
 
 	if (!x509_verify_cert_extensions(ctx, cert, should_be_ca))
-- 
cgit v1.2.3-55-g6feb