summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorTheo Buehler <tb@cvs.openbsd.org>2023-04-28 15:27:16 +0000
committerTheo Buehler <tb@cvs.openbsd.org>2023-04-28 15:27:16 +0000
commit51fd1cb8e73190d74812c5bec599e9cb7a2ca14c (patch)
tree8c8ebcd138379817f22e4d8535a458fd70fa883c
parent0711891098924fa1b798d283c2b5778c814ea032 (diff)
Deassert X509_policy_check()
Instead of asserting that i == num_certs - 2, simply make that an error check. with beck ok jsing
-rw-r--r--lib/libcrypto/x509/x509_policy.c5
1 files changed, 3 insertions, 2 deletions
diff --git a/lib/libcrypto/x509/x509_policy.c b/lib/libcrypto/x509/x509_policy.c
index 0f60a11c77d..c2ef47aa0f5 100644
--- a/lib/libcrypto/x509/x509_policy.c
+++ b/lib/libcrypto/x509/x509_policy.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: x509_policy.c,v 1.18 2023/04/28 15:21:22 tb Exp $ */
+/* $OpenBSD: x509_policy.c,v 1.19 2023/04/28 15:27:15 tb Exp $ */
/*
* Copyright (c) 2022, Google Inc.
*
@@ -899,7 +899,8 @@ X509_policy_check(const STACK_OF(X509) *certs,
is_self_issued = (cert->ex_flags & EXFLAG_SI) != 0;
if (level == NULL) {
- assert(i == num_certs - 2);
+ if (i != num_certs - 2)
+ goto err;
level = x509_policy_level_new();
if (level == NULL)
goto err;