From 74bcbea76ff180c3eb27a141be99b7b577eec81c Mon Sep 17 00:00:00 2001
From: Tomas Mraz <tomas@openssl.org>
Date: Mon, 12 Apr 2021 09:58:27 +0200
Subject: [PATCH] X509_NAME_cmp: if canon_enclen is 0 for both names return 0

We do not care whether canon_enc is NULL in this case.

Fixes #14813

Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/14832)
---
 crypto/x509/x509_cmp.c | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/crypto/x509/x509_cmp.c b/crypto/x509/x509_cmp.c
index 51dc24b6fb3..0cc5ed7f5f7 100644
--- a/crypto/x509/x509_cmp.c
+++ b/crypto/x509/x509_cmp.c
@@ -269,11 +269,14 @@ int X509_NAME_cmp(const X509_NAME *a, const X509_NAME *b)
             return -2;
     }
 
+    ret = a->canon_enclen - b->canon_enclen;
+    if (ret == 0 && a->canon_enclen == 0)
+        return 0;
+
     if (a->canon_enc == NULL || b->canon_enc == NULL)
         return -2;
 
-    ret = a->canon_enclen - b->canon_enclen;
-    if (ret == 0 && a->canon_enclen != 0)
+    if (ret == 0)
         ret = memcmp(a->canon_enc, b->canon_enc, a->canon_enclen);
 
     return ret < 0 ? -1 : ret > 0;
-- 
2.47.2