From: Enji Cooper <yaneurabeya@gmail.com>
Date: Thu, 6 Jun 2024 05:27:34 +0000 (-0700)
Subject: ldns_dane_match_any_cert_with_data: fix types
X-Git-Tag: release-1.8.4-rc1~31^2^2
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=refs%2Fpull%2F241%2Fhead;p=thirdparty%2Fldns.git

ldns_dane_match_any_cert_with_data: fix types

Both `i` and `n` should match the return type for `sk_X509_num` (which
is `int`, not `size_t`). This addresses a potential issue where
`sk_X509_num(..)` could return -1, resulting in an unnecessary number of
loop iterations and undesirable behavior.

Reported by:	Coverity
Signed-off-by: Enji Cooper <yaneurabeya@gmail.com>
---

diff --git a/dane.c b/dane.c
index b8487b53..1bf4862f 100644
--- a/dane.c
+++ b/dane.c
@@ -625,10 +625,10 @@ ldns_dane_match_any_cert_with_data(STACK_OF(X509)* chain,
 		ldns_rdf* data, bool ca)
 {
 	ldns_status s = LDNS_STATUS_DANE_TLSA_DID_NOT_MATCH;
-	size_t n, i;
+	int n, i;
 	X509* cert;
 
-	n = (size_t)sk_X509_num(chain);
+	n = sk_X509_num(chain);
 	for (i = 0; i < n; i++) {
 		cert = sk_X509_pop(chain);
 		if (! cert) {