From b109433501fb53f4cebfff755a53ed7b6128c489 Mon Sep 17 00:00:00 2001 From: Greg Hudson Date: Wed, 15 Sep 2010 22:43:00 +0000 Subject: [PATCH] In the PKINIT OpenSSL crypto code, use a signed int to hold the result of X509_get_ext_by_NID so we can detect negative return values. Reported by nalin@redhat.com. ticket: 6774 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24323 dc483132-0cff-0310-8789-dd5450dbe970 --- src/plugins/preauth/pkinit/pkinit_crypto_openssl.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c b/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c index a109a6797..bb8f036da 100644 --- a/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c +++ b/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c @@ -1767,7 +1767,7 @@ crypto_retrieve_X509_sans(krb5_context context, { krb5_error_code retval = EINVAL; char buf[DN_BUF_LEN]; - int p = 0, u = 0, d = 0; + int p = 0, u = 0, d = 0, l; krb5_principal *princs = NULL; krb5_principal *upns = NULL; unsigned char **dnss = NULL; @@ -1787,14 +1787,14 @@ crypto_retrieve_X509_sans(krb5_context context, buf, sizeof(buf)); pkiDebug("%s: looking for SANs in cert = %s\n", __FUNCTION__, buf); - if ((i = X509_get_ext_by_NID(cert, NID_subject_alt_name, -1)) >= 0) { + if ((l = X509_get_ext_by_NID(cert, NID_subject_alt_name, -1)) >= 0) { X509_EXTENSION *ext = NULL; GENERAL_NAMES *ialt = NULL; GENERAL_NAME *gen = NULL; int ret = 0; unsigned int num_sans = 0; - if (!(ext = X509_get_ext(cert, i)) || !(ialt = X509V3_EXT_d2i(ext))) { + if (!(ext = X509_get_ext(cert, l)) || !(ialt = X509V3_EXT_d2i(ext))) { pkiDebug("%s: found no subject alt name extensions\n", __FUNCTION__); goto cleanup; -- 2.26.2