From: Anton Moryakov Date: Thu, 22 Jan 2026 14:51:12 +0000 (+0300) Subject: crypto: x509: fix unreachable code in X509V3_get_section and X509V3_get_string X-Git-Tag: openssl-4.0.0-alpha1~463 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=a3e67efa015ca68f2e2be00889d92612f5bb5040;p=thirdparty%2Fopenssl.git crypto: x509: fix unreachable code in X509V3_get_section and X509V3_get_string The functions X509V3_get_section() and X509V3_get_string() contain a redundant null check after an identical check has already guaranteed that the function pointer (ctx->db_meth->get_section / get_string) is non-NULL. As a result, the final 'return NULL;' statement is unreachable. This change removes the redundant condition and the dead code, improving code clarity and eliminating warnings from static analyzers. Signed-off-by: Anton Moryakov Reviewed-by: Paul Dale Reviewed-by: Tim Hudson MergeDate: Mon Jan 26 15:28:01 2026 (Merged from https://github.com/openssl/openssl/pull/29692) --- diff --git a/crypto/x509/v3_conf.c b/crypto/x509/v3_conf.c index f9350d63813..343bdf89314 100644 --- a/crypto/x509/v3_conf.c +++ b/crypto/x509/v3_conf.c @@ -399,9 +399,7 @@ char *X509V3_get_string(X509V3_CTX *ctx, const char *name, const char *section) ERR_raise(ERR_LIB_X509V3, X509V3_R_OPERATION_NOT_DEFINED); return NULL; } - if (ctx->db_meth->get_string) - return ctx->db_meth->get_string(ctx->db, name, section); - return NULL; + return ctx->db_meth->get_string(ctx->db, name, section); } STACK_OF(CONF_VALUE) *X509V3_get_section(X509V3_CTX *ctx, const char *section) @@ -410,9 +408,7 @@ STACK_OF(CONF_VALUE) *X509V3_get_section(X509V3_CTX *ctx, const char *section) ERR_raise(ERR_LIB_X509V3, X509V3_R_OPERATION_NOT_DEFINED); return NULL; } - if (ctx->db_meth->get_section) - return ctx->db_meth->get_section(ctx->db, section); - return NULL; + return ctx->db_meth->get_section(ctx->db, section); } void X509V3_string_free(X509V3_CTX *ctx, char *str)