diff options
| author |   jsing <jsing@openbsd.org> | 2021-02-25 16:57:10 +0000 |
|---|---|---|
| committer | jsing <jsing@openbsd.org> | 2021-02-25 16:57:10 +0000 |
| commit | d963395a74aa582487bb878f0de671997d3b9a09 (patch) | |
| tree | ce0cc58235e5285a17d56fa555934a4d5104d262 | |
| parent | - Make use of the fact that we know how the chunks are aligned, and (diff) | |
| download | wireguard-openbsd-d963395a74aa582487bb878f0de671997d3b9a09.tar.xz wireguard-openbsd-d963395a74aa582487bb878f0de671997d3b9a09.zip | |
Avoid passing last and depth to x509_verify_cert_error() on ENOMEM.
In x509_verify_ctx_set_xsc_chain(), an ENOMEM case is currently passing
the last certificate and depth (which is no longer actually depth) to
x509_verify_cert_error(). Given we've hit an ENOMEM situation, neither
of these are useful so remove both.
ok tb@
| -rw-r--r-- | lib/libcrypto/x509/x509_verify.c | 5 |
1 files changed, 2 insertions, 3 deletions
diff --git a/lib/libcrypto/x509/x509_verify.c b/lib/libcrypto/x509/x509_verify.c index 598e268d372..62cbb7cef80 100644 --- a/lib/libcrypto/x509/x509_verify.c +++ b/lib/libcrypto/x509/x509_verify.c @@ -1,4 +1,4 @@ -/* $OpenBSD: x509_verify.c,v 1.31 2021/02/24 17:59:05 tb Exp $ */ +/* $OpenBSD: x509_verify.c,v 1.32 2021/02/25 16:57:10 jsing Exp $ */ /* * Copyright (c) 2020-2021 Bob Beck <beck@openbsd.org> * @@ -197,7 +197,6 @@ static int x509_verify_ctx_set_xsc_chain(struct x509_verify_ctx *ctx, struct x509_verify_chain *chain, int set_error, int is_trusted) { - X509 *last = x509_verify_chain_last(chain); size_t depth; int i; @@ -218,7 +217,7 @@ x509_verify_ctx_set_xsc_chain(struct x509_verify_ctx *ctx, sk_X509_pop_free(ctx->xsc->chain, X509_free); ctx->xsc->chain = X509_chain_up_ref(chain->certs); if (ctx->xsc->chain == NULL) - return x509_verify_cert_error(ctx, last, depth, + return x509_verify_cert_error(ctx, NULL, 0, X509_V_ERR_OUT_OF_MEM, 0); if (set_error) { |