From 36d1f52b62304ee4c3c58e4d9e76e912f868d8cc Mon Sep 17 00:00:00 2001
From: bcook <>
Date: Sat, 7 Feb 2026 17:12:47 +0000
Subject: replace buggy strncmp with strcmp found with clang-tidy

Found the same fix from davidben in BoringSSL as well (https://boringssl-review.googlesource.com/c/boringssl/+/87927). OpenSSL appears to have accidentally changed the semantics here with the HAS_PREFIX macro, which appears to be incorrect.

discussed w/ tb@ & beck@
---
 src/lib/libcrypto/x509/x509_crld.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'src/lib')

diff --git a/src/lib/libcrypto/x509/x509_crld.c b/src/lib/libcrypto/x509/x509_crld.c
index 75afcefca8..40cbbbdc2c 100644
--- a/src/lib/libcrypto/x509/x509_crld.c
+++ b/src/lib/libcrypto/x509/x509_crld.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: x509_crld.c,v 1.10 2025/05/10 05:54:39 tb Exp $ */
+/* $OpenBSD: x509_crld.c,v 1.11 2026/02/07 17:12:47 bcook Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 1999.
  */
@@ -144,7 +144,7 @@ set_dist_point_name(DIST_POINT_NAME **pdp, X509V3_CTX *ctx, CONF_VALUE *cnf)
 	STACK_OF(GENERAL_NAME) *fnm = NULL;
 	STACK_OF(X509_NAME_ENTRY) *rnm = NULL;
 
-	if (!strncmp(cnf->name, "fullname", 9)) {
+	if (!strcmp(cnf->name, "fullname")) {
 		fnm = gnames_from_sectname(ctx, cnf->value);
 		if (!fnm)
 			goto err;
-- 
cgit v1.2.3-55-g6feb