PR: 1863
Submitted by: Ger Hobbelt <ger@hobbelt.com> Reviewed by: steve@openssl.org Check return value, use OPENSSL_assert and unsigned int.
This commit is contained in:
Dr. Stephen Henson
parent
910b484975
commit
be98d6b9ad
1 changed files with 17 additions and 14 deletions
|
|
@ -61,7 +61,7 @@
|
|||
|
||||
#include <stdio.h>
|
||||
#include <stdlib.h>
|
||||
#include <assert.h>
|
||||
|
||||
#include "cryptlib.h"
|
||||
#include <openssl/conf.h>
|
||||
#include <openssl/asn1.h>
|
||||
|
|
@ -128,7 +128,7 @@ static int length_from_afi(const unsigned afi)
|
|||
/*
|
||||
* Extract the AFI from an IPAddressFamily.
|
||||
*/
|
||||
unsigned v3_addr_get_afi(const IPAddressFamily *f)
|
||||
unsigned int v3_addr_get_afi(const IPAddressFamily *f)
|
||||
{
|
||||
return ((f != NULL &&
|
||||
f->addressFamily != NULL &&
|
||||
|
|
@ -147,7 +147,7 @@ static void addr_expand(unsigned char *addr,
|
|||
const int length,
|
||||
const unsigned char fill)
|
||||
{
|
||||
assert(bs->length >= 0 && bs->length <= length);
|
||||
OPENSSL_assert(bs->length >= 0 && bs->length <= length);
|
||||
if (bs->length > 0) {
|
||||
memcpy(addr, bs->data, bs->length);
|
||||
if ((bs->flags & 7) != 0) {
|
||||
|
|
@ -245,7 +245,7 @@ static int i2r_IPAddrBlocks(X509V3_EXT_METHOD *method,
|
|||
int i;
|
||||
for (i = 0; i < sk_IPAddressFamily_num(addr); i++) {
|
||||
IPAddressFamily *f = sk_IPAddressFamily_value(addr, i);
|
||||
const unsigned afi = v3_addr_get_afi(f);
|
||||
const unsigned int afi = v3_addr_get_afi(f);
|
||||
switch (afi) {
|
||||
case IANA_AFI_IPV4:
|
||||
BIO_printf(out, "%*sIPv4", indent, "");
|
||||
|
|
@ -455,7 +455,7 @@ static int make_addressRange(IPAddressOrRange **result,
|
|||
if ((aor = IPAddressOrRange_new()) == NULL)
|
||||
return 0;
|
||||
aor->type = IPAddressOrRange_addressRange;
|
||||
assert(aor->u.addressRange == NULL);
|
||||
OPENSSL_assert(aor->u.addressRange == NULL);
|
||||
if ((aor->u.addressRange = IPAddressRange_new()) == NULL)
|
||||
goto err;
|
||||
if (aor->u.addressRange->min == NULL &&
|
||||
|
|
@ -524,7 +524,7 @@ static IPAddressFamily *make_IPAddressFamily(IPAddrBlocks *addr,
|
|||
|
||||
for (i = 0; i < sk_IPAddressFamily_num(addr); i++) {
|
||||
f = sk_IPAddressFamily_value(addr, i);
|
||||
assert(f->addressFamily->data != NULL);
|
||||
OPENSSL_assert(f->addressFamily->data != NULL);
|
||||
if (f->addressFamily->length == keylen &&
|
||||
!memcmp(f->addressFamily->data, key, keylen))
|
||||
return f;
|
||||
|
|
@ -656,7 +656,7 @@ static void extract_min_max(IPAddressOrRange *aor,
|
|||
unsigned char *max,
|
||||
int length)
|
||||
{
|
||||
assert(aor != NULL && min != NULL && max != NULL);
|
||||
OPENSSL_assert(aor != NULL && min != NULL && max != NULL);
|
||||
switch (aor->type) {
|
||||
case IPAddressOrRange_addressPrefix:
|
||||
addr_expand(min, aor->u.addressPrefix, length, 0x00);
|
||||
|
|
@ -882,7 +882,7 @@ int v3_addr_canonize(IPAddrBlocks *addr)
|
|||
}
|
||||
(void)sk_IPAddressFamily_set_cmp_func(addr, IPAddressFamily_cmp);
|
||||
sk_IPAddressFamily_sort(addr);
|
||||
assert(v3_addr_is_canonical(addr));
|
||||
OPENSSL_assert(v3_addr_is_canonical(addr));
|
||||
return 1;
|
||||
}
|
||||
|
||||
|
|
@ -1129,7 +1129,10 @@ int v3_addr_subset(IPAddrBlocks *a, IPAddrBlocks *b)
|
|||
for (i = 0; i < sk_IPAddressFamily_num(a); i++) {
|
||||
IPAddressFamily *fa = sk_IPAddressFamily_value(a, i);
|
||||
int j = sk_IPAddressFamily_find(b, fa);
|
||||
IPAddressFamily *fb = sk_IPAddressFamily_value(b, j);
|
||||
IPAddressFamily *fb;
|
||||
fb = sk_IPAddressFamily_value(b, j);
|
||||
if (fb == NULL)
|
||||
return 0;
|
||||
if (!addr_contains(fb->ipAddressChoice->u.addressesOrRanges,
|
||||
fa->ipAddressChoice->u.addressesOrRanges,
|
||||
length_from_afi(v3_addr_get_afi(fb))))
|
||||
|
|
@ -1166,9 +1169,9 @@ static int v3_addr_validate_path_internal(X509_STORE_CTX *ctx,
|
|||
int i, j, ret = 1;
|
||||
X509 *x = NULL;
|
||||
|
||||
assert(chain != NULL && sk_X509_num(chain) > 0);
|
||||
assert(ctx != NULL || ext != NULL);
|
||||
assert(ctx == NULL || ctx->verify_cb != NULL);
|
||||
OPENSSL_assert(chain != NULL && sk_X509_num(chain) > 0);
|
||||
OPENSSL_assert(ctx != NULL || ext != NULL);
|
||||
OPENSSL_assert(ctx == NULL || ctx->verify_cb != NULL);
|
||||
|
||||
/*
|
||||
* Figure out where to start. If we don't have an extension to
|
||||
|
|
@ -1180,7 +1183,7 @@ static int v3_addr_validate_path_internal(X509_STORE_CTX *ctx,
|
|||
} else {
|
||||
i = 0;
|
||||
x = sk_X509_value(chain, i);
|
||||
assert(x != NULL);
|
||||
OPENSSL_assert(x != NULL);
|
||||
if ((ext = x->rfc3779_addr) == NULL)
|
||||
goto done;
|
||||
}
|
||||
|
|
@ -1199,7 +1202,7 @@ static int v3_addr_validate_path_internal(X509_STORE_CTX *ctx,
|
|||
*/
|
||||
for (i++; i < sk_X509_num(chain); i++) {
|
||||
x = sk_X509_value(chain, i);
|
||||
assert(x != NULL);
|
||||
OPENSSL_assert(x != NULL);
|
||||
if (!v3_addr_is_canonical(x->rfc3779_addr))
|
||||
validation_err(X509_V_ERR_INVALID_EXTENSION);
|
||||
if (x->rfc3779_addr == NULL) {
|
||||
|
|
|
|||
Loading…
Reference in a new issue