diff options
| author | Rob Austein <sra@hactrn.net> | 2006-08-25 22:08:31 +0000 |
|---|---|---|
| committer | Rob Austein <sra@hactrn.net> | 2006-08-25 22:08:31 +0000 |
| commit | 42decf782ef8118977c8f149c79f8ea7dcd0a5a3 (patch) | |
| tree | 026606512172c1e57577204db828973c9b34dcfb | |
| parent | fc30926321b8f14d74e49a1f91fd58d7c8f7d9cb (diff) | |
Debug previously unused paths through new path validation code.
svn path=/openssl/trunk/crypto/x509v3/v3_addr.c; revision=228
| -rw-r--r-- | openssl/trunk/crypto/x509v3/v3_addr.c | 10 | ||||
| -rw-r--r-- | openssl/trunk/crypto/x509v3/v3_asid.c | 4 |
2 files changed, 7 insertions, 7 deletions
diff --git a/openssl/trunk/crypto/x509v3/v3_addr.c b/openssl/trunk/crypto/x509v3/v3_addr.c index ee1ea53b..464b7628 100644 --- a/openssl/trunk/crypto/x509v3/v3_addr.c +++ b/openssl/trunk/crypto/x509v3/v3_addr.c @@ -1060,7 +1060,7 @@ static int v3_addr_validate_path_internal(X509_STORE_CTX *ctx, int i, j, ret = 1; X509 *x; - assert(chain != NULL); + assert(chain != NULL && sk_X509_num(chain) > 0); assert(ctx != NULL || resource_set != NULL); assert(ctx == NULL || ctx->verify_cb != NULL); @@ -1087,7 +1087,7 @@ static int v3_addr_validate_path_internal(X509_STORE_CTX *ctx, * extension, we're done. Otherwise, we need to check the chain. */ i = 0; - x = sk_X509_value(ctx->chain, i); + x = sk_X509_value(chain, i); assert(x != NULL); if (x->rfc3779_addr == NULL) goto done; @@ -1107,8 +1107,8 @@ static int v3_addr_validate_path_internal(X509_STORE_CTX *ctx, * Now walk up the chain. No cert may list resources that its * parent doesn't list. */ - for (i++; i < sk_X509_num(ctx->chain); i++) { - x = sk_X509_value(ctx->chain, i); + for (i++; i < sk_X509_num(chain); i++) { + x = sk_X509_value(chain, i); assert(x != NULL); if (!v3_addr_is_canonical(x->rfc3779_addr)) validation_err(X509_V_ERR_INVALID_EXTENSION); @@ -1182,7 +1182,7 @@ int v3_addr_validate_resource_set(STACK_OF(X509) *chain, { if (resource_set == NULL) return 1; - if (chain == NULL) + if (chain == NULL || sk_X509_num(chain) == 0) return 0; return v3_addr_validate_path_internal(NULL, chain, resource_set); } diff --git a/openssl/trunk/crypto/x509v3/v3_asid.c b/openssl/trunk/crypto/x509v3/v3_asid.c index eb4077a1..4420cc66 100644 --- a/openssl/trunk/crypto/x509v3/v3_asid.c +++ b/openssl/trunk/crypto/x509v3/v3_asid.c @@ -619,7 +619,7 @@ static int v3_asid_validate_path_internal(X509_STORE_CTX *ctx, int i, ret = 1, inherit_as = 0, inherit_rdi = 0; X509 *x; - assert(chain != NULL); + assert(chain != NULL && sk_X509_num(chain) > 0); assert(ctx != NULL || resource_set != NULL); assert(ctx == NULL || ctx->verify_cb != NULL); @@ -772,7 +772,7 @@ int v3_asid_validate_resource_set(STACK_OF(X509) *chain, { if (resource_set == NULL) return 1; - if (chain == NULL) + if (chain == NULL || sk_X509_num(chain) == 0) return 0; return v3_asid_validate_path_internal(NULL, chain, resource_set); } |