From adda22c128fa6c9942e64ac8a2c345a67143b1f8 Mon Sep 17 00:00:00 2001
From: Rob Austein <sra@hactrn.net>
Date: Tue, 15 Aug 2006 20:25:56 +0000
Subject: Handle policy check at trust anchor

svn path=/openssl/trunk/crypto/x509v3/pcy_tree.c; revision=152
---
 openssl/trunk/crypto/x509v3/pcy_tree.c | 10 ++++++++++
 1 file changed, 10 insertions(+)

(limited to 'openssl')

diff --git a/openssl/trunk/crypto/x509v3/pcy_tree.c b/openssl/trunk/crypto/x509v3/pcy_tree.c
index 1c68ce33..511881d7 100644
--- a/openssl/trunk/crypto/x509v3/pcy_tree.c
+++ b/openssl/trunk/crypto/x509v3/pcy_tree.c
@@ -628,6 +628,16 @@ int X509_policy_check(X509_POLICY_TREE **ptree, int *pexplicit_policy,
 		/* Tree OK: continue */
 
 		case 1:
+		if (!tree)
+			/*
+			 * tree_init() returns success and a null tree
+			 * if it's just looking at a trust anchor.
+			 * I'm not sure that returning success here is
+			 * correct, but I'm sure that reporting this
+			 * as an internal error which our caller
+			 * interprets as a malloc failure is wrong.
+			 */
+			return 1;
 		break;
 		}
 
-- 
cgit v1.2.3