diff options
author | Theo Buehler <tb@cvs.openbsd.org> | 2023-04-28 15:27:16 +0000 |
---|---|---|
committer | Theo Buehler <tb@cvs.openbsd.org> | 2023-04-28 15:27:16 +0000 |
commit | 51fd1cb8e73190d74812c5bec599e9cb7a2ca14c (patch) | |
tree | 8c8ebcd138379817f22e4d8535a458fd70fa883c | |
parent | 0711891098924fa1b798d283c2b5778c814ea032 (diff) |
Deassert X509_policy_check()
Instead of asserting that i == num_certs - 2, simply make that an error
check.
with beck
ok jsing
-rw-r--r-- | lib/libcrypto/x509/x509_policy.c | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/lib/libcrypto/x509/x509_policy.c b/lib/libcrypto/x509/x509_policy.c index 0f60a11c77d..c2ef47aa0f5 100644 --- a/lib/libcrypto/x509/x509_policy.c +++ b/lib/libcrypto/x509/x509_policy.c @@ -1,4 +1,4 @@ -/* $OpenBSD: x509_policy.c,v 1.18 2023/04/28 15:21:22 tb Exp $ */ +/* $OpenBSD: x509_policy.c,v 1.19 2023/04/28 15:27:15 tb Exp $ */ /* * Copyright (c) 2022, Google Inc. * @@ -899,7 +899,8 @@ X509_policy_check(const STACK_OF(X509) *certs, is_self_issued = (cert->ex_flags & EXFLAG_SI) != 0; if (level == NULL) { - assert(i == num_certs - 2); + if (i != num_certs - 2) + goto err; level = x509_policy_level_new(); if (level == NULL) goto err; |