Anything covers a null resource set

svn path=/openssl/trunk/crypto/x509v3/v3_addr.c; revision=224

2 files changed, 10 insertions, 4 deletions

diff --git a/openssl/trunk/crypto/x509v3/v3_addr.c b/openssl/trunk/crypto/x509v3/v3_addr.c
index ee87fa25..ee1ea53b 100644
--- a/openssl/trunk/crypto/x509v3/v3_addr.c
+++ b/openssl/trunk/crypto/x509v3/v3_addr.c
@@ -1174,12 +1174,15 @@ int v3_addr_validate_path(X509_STORE_CTX *ctx)
 }
 
 /*
- * RFC 3779 2.3 path validation of a "resource set"
+ * RFC 3779 2.3 path validation of a "resource set".
+ * Test whether chain covers resource_set.
  */
 int v3_addr_validate_resource_set(STACK_OF(X509) *chain,
 				  IPAddrBlocks *resource_set)
 {
-  if (chain == NULL || resource_set == NULL)
+  if (resource_set == NULL)
+    return 1;
+  if (chain == NULL)
     return 0;
   return v3_addr_validate_path_internal(NULL, chain, resource_set);
 }
diff --git a/openssl/trunk/crypto/x509v3/v3_asid.c b/openssl/trunk/crypto/x509v3/v3_asid.c
index f3185d1e..eb4077a1 100644
--- a/openssl/trunk/crypto/x509v3/v3_asid.c
+++ b/openssl/trunk/crypto/x509v3/v3_asid.c
@@ -764,12 +764,15 @@ int v3_asid_validate_path(X509_STORE_CTX *ctx)
 }
 
 /*
- * RFC 3779 3.3 path validation of a "resource set"
+ * RFC 3779 3.3 path validation of a "resource set".
+ * Test whether chain covers resource_set.
  */
 int v3_asid_validate_resource_set(STACK_OF(X509) *chain,
 				  ASIdentifiers *resource_set)
 {
-  if (chain == NULL || resource_set == NULL)
+  if (resource_set == NULL)
+    return 1;
+  if (chain == NULL)
     return 0;
   return v3_asid_validate_path_internal(NULL, chain, resource_set);
 }