]> git.ipfire.org Git - thirdparty/openssl.git/commitdiff
projects / thirdparty / openssl.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 7c3c737)
We can't check policy if we got an empty stack of certs
authorDmitry Belyavskiy <beldmit@gmail.com>
Wed, 14 Aug 2024 12:40:39 +0000 (14:40 +0200)
committerDmitry Belyavskiy <beldmit@gmail.com>
Sat, 17 Aug 2024 16:09:15 +0000 (18:09 +0200)
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25186)

crypto/x509/pcy_tree.c patch | blob | blame | history

diff --git a/crypto/x509/pcy_tree.c b/crypto/x509/pcy_tree.c
index d7307b12dabb480569b749daeb01ba4b6657b095..86e3afc8814362837b229a40ace3f7081f80f6ae 100644 (file)
--- a/crypto/x509/pcy_tree.c
+++ b/crypto/x509/pcy_tree.c
@@ -110,6 +110,8 @@ static int tree_init(X509_POLICY_TREE **ptree, STACK_OF(X509) *certs,
 
     *ptree = NULL;
 
+    if (n < 0)
+        return X509_PCY_TREE_INTERNAL;
     /* Can't do anything with just a trust anchor */
     if (n == 0)
         return X509_PCY_TREE_EMPTY;
Mirror of https://github.com/openssl/openssl.git