git.ipfire.org Git - thirdparty/ldns.git/commitdiff
ldns_dane_match_any_cert_with_data: fix types 241/head
author Enji Cooper <yaneurabeya@gmail.com>
Thu, 6 Jun 2024 05:27:34 +0000 (22:27 -0700)
committer Enji Cooper <yaneurabeya@gmail.com>
Thu, 6 Jun 2024 05:31:48 +0000 (22:31 -0700)
Both `i` and `n` should match the return type for `sk_X509_num` (which
is `int`, not `size_t`). This addresses a potential issue where
`sk_X509_num(..)` could return -1, resulting in an unnecessary number of
loop iterations and undesirable behavior.

Reported by: Coverity
Signed-off-by: Enji Cooper <yaneurabeya@gmail.com>
dane.c

diff --git a/dane.c b/dane.c
index b8487b53a825724cf997ce72e0d65d4c04182a6a..1bf4862f27156ee86340ae5259d5df47a5b2fcfc 100644 (file)
--- a/dane.c
+++ b/dane.c
@@ -625,10 +625,10 @@ ldns_dane_match_any_cert_with_data(STACK_OF(X509)* chain,
                ldns_rdf* data, bool ca)
 {
        ldns_status s = LDNS_STATUS_DANE_TLSA_DID_NOT_MATCH;
-       size_t n, i;
+       int n, i;
        X509* cert;
 
-       n = (size_t)sk_X509_num(chain);
+       n = sk_X509_num(chain);
        for (i = 0; i < n; i++) {
                cert = sk_X509_pop(chain);
                if (! cert) {
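
Review bot: at `n = sk_X509_num(chain);` a -1 return (which OpenSSL gives for a NULL stack) now simply makes `i < n` false on the first test, so a NULL `chain` is handled only implicitly and `s` keeps its initial `LDNS_STATUS_DANE_TLSA_DID_NOT_MATCH`. I would make that case explicit, either with an early `if (n <= 0)` check before the loop or with a short comment above the assignment, so an invalid chain is a deliberate outcome rather than a side effect of signed comparison. The commit message could also say what the old `size_t` path actually did: the body of `if (! cert) {` is not visible in this hunk, so it is unclear from here whether the old loop stopped on the first NULL from `sk_X509_pop` or ran on toward `SIZE_MAX` iterations.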