diff options
| author | Greg Hudson <ghudson@mit.edu> | 2010-09-15 22:43:00 +0000 |
|---|---|---|
| committer | Greg Hudson <ghudson@mit.edu> | 2010-09-15 22:43:00 +0000 |
| commit | b109433501fb53f4cebfff755a53ed7b6128c489 (patch) | |
| tree | bbafe76ba258c04beae12359ee22fe550479ddbd /src/plugins/preauth | |
| parent | e5df86bd6e1bb1ee5b14ddde8c0cbf14c47753e8 (diff) | |
| download | krb5-b109433501fb53f4cebfff755a53ed7b6128c489.tar.gz krb5-b109433501fb53f4cebfff755a53ed7b6128c489.tar.xz krb5-b109433501fb53f4cebfff755a53ed7b6128c489.zip | |
In the PKINIT OpenSSL crypto code, use a signed int to hold the result
of X509_get_ext_by_NID so we can detect negative return values.
Reported by nalin@redhat.com.
ticket: 6774
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24323 dc483132-0cff-0310-8789-dd5450dbe970
Diffstat (limited to 'src/plugins/preauth')
| -rw-r--r-- | src/plugins/preauth/pkinit/pkinit_crypto_openssl.c | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c b/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c index a109a6797..bb8f036da 100644 --- a/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c +++ b/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c @@ -1767,7 +1767,7 @@ crypto_retrieve_X509_sans(krb5_context context, { krb5_error_code retval = EINVAL; char buf[DN_BUF_LEN]; - int p = 0, u = 0, d = 0; + int p = 0, u = 0, d = 0, l; krb5_principal *princs = NULL; krb5_principal *upns = NULL; unsigned char **dnss = NULL; @@ -1787,14 +1787,14 @@ crypto_retrieve_X509_sans(krb5_context context, buf, sizeof(buf)); pkiDebug("%s: looking for SANs in cert = %s\n", __FUNCTION__, buf); - if ((i = X509_get_ext_by_NID(cert, NID_subject_alt_name, -1)) >= 0) { + if ((l = X509_get_ext_by_NID(cert, NID_subject_alt_name, -1)) >= 0) { X509_EXTENSION *ext = NULL; GENERAL_NAMES *ialt = NULL; GENERAL_NAME *gen = NULL; int ret = 0; unsigned int num_sans = 0; - if (!(ext = X509_get_ext(cert, i)) || !(ialt = X509V3_EXT_d2i(ext))) { + if (!(ext = X509_get_ext(cert, l)) || !(ialt = X509V3_EXT_d2i(ext))) { pkiDebug("%s: found no subject alt name extensions\n", __FUNCTION__); goto cleanup; |