OpenSSL: Avoid undefined behavior in altSubjectName matching

Skip NULL + 1 calculation (i.e., undefined behavior) when going to exit
the loop anyway due to end == NULL.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>

diff --git a/src/crypto/tls_openssl.c b/src/crypto/tls_openssl.c
index e225817feed83438eba7d814b77c47b390b732c4..77f39c63d23e10a7489d24e22d8ebf19d0cba442 100644 (file)
--- a/src/crypto/tls_openssl.c
+++ b/src/crypto/tls_openssl.c
@@ -2056,6 +2056,8 @@ static int tls_match_altsubject(X509 *cert, const char *match)
                        len = os_strlen(pos);
                if (tls_match_altsubject_component(cert, type, pos, len) > 0)
                        return 1;
+               if (!end)
+                       break;
                pos = end + 1;
        } while (end);