From: ndossche <niels.dossche@ugent.be>
Date: Fri, 3 Feb 2023 12:43:03 +0000 (+0100)
Subject: Fix incomplete error check on BIO_set_accept_name()
X-Git-Tag: openssl-3.2.0-alpha1~1314
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=a811b6305b1f98e8ec66b8a426d359150fea69b2;p=thirdparty%2Fopenssl.git

Fix incomplete error check on BIO_set_accept_name()

BIO_set_accept_name() can return error values -1 and 0 according to
my analysis tool and the documentation. Documentation says a value of 1
indicates success. Currently, only an error value != 0 is checked which
erroneously interprets a -1 error return value as success.
Fix it by changing the check condition.

CLA: trivial

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Todd Short <todd.short@me.com>
(Merged from https://github.com/openssl/openssl/pull/20206)
---

diff --git a/crypto/bio/bss_acpt.c b/crypto/bio/bss_acpt.c
index 806186ae41e..9514727cdf6 100644
--- a/crypto/bio/bss_acpt.c
+++ b/crypto/bio/bss_acpt.c
@@ -568,7 +568,7 @@ BIO *BIO_new_accept(const char *str)
     ret = BIO_new(BIO_s_accept());
     if (ret == NULL)
         return NULL;
-    if (BIO_set_accept_name(ret, str))
+    if (BIO_set_accept_name(ret, str) > 0)
         return ret;
     BIO_free(ret);
     return NULL;