From: Neil Horman
Date: Wed, 24 Jul 2024 19:51:53 +0000 (-0400)
Subject: Fix second error from Coverity-161057
X-Git-Tag: openssl-3.4.0-alpha1~273
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=32185d513cf8732ee0a85875ac61ee4389a86bbb;p=thirdparty%2Fopenssl.git
Fix second error from Coverity-161057
Coverity flagged a second error in this code we're comparing block_padding and hs_padding for >= 0, which is always true With the change to the use of strtoul, inputs that are preceded with a - (i.e. negative values), are caught already, so the check is redundant just remove the check entirely
Reviewed-by: Paul Dale
Reviewed-by: Tom Cosgrove
(Merged from https://github.com/openssl/openssl/pull/24993)
---
diff --git a/ssl/ssl_conf.c b/ssl/ssl_conf.c
index 13c7e0ff787..5e2d7c1c98d 100644
--- a/ssl/ssl_conf.c
+++ b/ssl/ssl_conf.c
@@ -680,18 +680,17 @@ static int cmd_RecordPadding(SSL_CONF_CTX *cctx, const char *value)
 if (commap == NULL)
 hs_padding = block_padding;
 OPENSSL_free(copy);
+
 /*
 * All we care about are non-negative values,
 * the setters check the range
 */
- if (block_padding >= 0 || hs_padding >= 0) {
- if (cctx->ctx)
- rv = SSL_CTX_set_block_padding_ex(cctx->ctx, (size_t)block_padding,
- (size_t)hs_padding);
- if (cctx->ssl)
- rv = SSL_set_block_padding_ex(cctx->ssl, (size_t)block_padding,
+ if (cctx->ctx)
+ rv = SSL_CTX_set_block_padding_ex(cctx->ctx, (size_t)block_padding,
 (size_t)hs_padding);
- }
+ if (cctx->ssl)
+ rv = SSL_set_block_padding_ex(cctx->ssl, (size_t)block_padding,
+ (size_t)hs_padding);
 return rv;
 }
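Review bot: The comment kept above the two setter calls (`All we care about are non-negative values, the setters check the range`) now describes a guard that this hunk deletes, so nothing here tells a reader where negative input is actually rejected. Per the commit message that rejection happens in the strtoul-based parsing earlier in cmd_RecordPadding, which starts outside this hunk and cannot be confirmed from these lines. Plain C `strtoul` accepts a leading `-` and wraps the value rather than failing, so the guarantee presumably comes from the parsing helper, and it is worth naming. I would reword the comment to something like `/* Negative input is rejected when the values are parsed above; the setters check the range */`. That records that the `(size_t)` casts depend on the earlier parse and on the setters' range check, which are the only validation left between the configuration string and the padding size.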