From: ndossche <niels.dossche@ugent.be>
Date: Thu, 9 Feb 2023 10:39:58 +0000 (+0100)
Subject: Fix incomplete error check on ASN1_item_i2d()
X-Git-Tag: openssl-3.2.0-alpha1~1223
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=5df5032ab02d7a17e07435de777d730bae190253;p=thirdparty%2Fopenssl.git

Fix incomplete error check on ASN1_item_i2d()

According to the documentation and my analysis tool
ASN1_item_i2d() can return a negative value on error,
but this is not checked. Fix it by changing the error check condition.

CLA: trivial

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20251)
---

diff --git a/crypto/asn1/asn_pack.c b/crypto/asn1/asn_pack.c
index 0d1f3406db8..d22925510dd 100644
--- a/crypto/asn1/asn_pack.c
+++ b/crypto/asn1/asn_pack.c
@@ -28,7 +28,7 @@ ASN1_STRING *ASN1_item_pack(void *obj, const ASN1_ITEM *it, ASN1_STRING **oct)
 
     ASN1_STRING_set0(octmp, NULL, 0);
 
-    if ((octmp->length = ASN1_item_i2d(obj, &octmp->data, it)) == 0) {
+    if ((octmp->length = ASN1_item_i2d(obj, &octmp->data, it)) <= 0) {
         ERR_raise(ERR_LIB_ASN1, ASN1_R_ENCODE_ERROR);
         goto err;
     }