From: Pauli <pauli@openssl.org>
Date: Wed, 9 Feb 2022 00:17:57 +0000 (+1100)
Subject: Change condition to avoid spurious compiler complaints.
X-Git-Tag: openssl-3.2.0-alpha1~2952
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=b84c6e86dd8ca88444207080808d1d598856041f;p=thirdparty%2Fopenssl.git

Change condition to avoid spurious compiler complaints.

X509_TRUST_get0() is checking < 0, the code here was checking == -1.  Both are
equivalent in this situation but gcc-12 has conniptions about a subsequent
possible NULL dereference (which isn't possible).

Fixes #17665

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17668)
---

diff --git a/crypto/x509/x509_trust.c b/crypto/x509/x509_trust.c
index e71db0c9a1c..bf674737f89 100644
--- a/crypto/x509/x509_trust.c
+++ b/crypto/x509/x509_trust.c
@@ -134,7 +134,7 @@ int X509_TRUST_add(int id, int flags, int (*ck) (X509_TRUST *, X509 *, int),
     /* Get existing entry if any */
     idx = X509_TRUST_get_by_id(id);
     /* Need a new entry */
-    if (idx == -1) {
+    if (idx < 0) {
         if ((trtmp = OPENSSL_malloc(sizeof(*trtmp))) == NULL) {
             ERR_raise(ERR_LIB_X509, ERR_R_MALLOC_FAILURE);
             return 0;