svn rev #24323: trunk/src/plugins/preauth/pkinit/

ghudson@MIT.EDU ghudson at MIT.EDU
Wed Sep 15 18:43:00 EDT 2010


http://src.mit.edu/fisheye/changelog/krb5/?cs=24323
Commit By: ghudson
Log Message:
ticket: 6774

In the PKINIT OpenSSL crypto code, use a signed int to hold the result
of X509_get_ext_by_NID so we can detect negative return values.
Reported by nalin at redhat.com.



Changed Files:
U   trunk/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c
Modified: trunk/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c
===================================================================
--- trunk/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c	2010-09-15 20:07:39 UTC (rev 24322)
+++ trunk/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c	2010-09-15 22:43:00 UTC (rev 24323)
@@ -1767,7 +1767,7 @@
 {
     krb5_error_code retval = EINVAL;
     char buf[DN_BUF_LEN];
-    int p = 0, u = 0, d = 0;
+    int p = 0, u = 0, d = 0, l;
     krb5_principal *princs = NULL;
     krb5_principal *upns = NULL;
     unsigned char **dnss = NULL;
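Review bot: The new index `l` is the only variable on this declaration line left without an initializer, and its one-letter name is easy to misread as `1` or as the `i` it replaces in the calls of the next hunk. The reason it must be a separate signed variable is recorded only in the commit log; presumably `i` is declared unsigned outside this hunk, which would have made the `>= 0` test always true. I would keep `int p = 0, u = 0, d = 0;` and add `int san_idx = -1; /* signed: X509_get_ext_by_NID returns a negative value when the extension is absent */`, using that name in both calls in the next hunk. The function's signature and the declaration of `i` lie outside the hunk.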
@@ -1787,14 +1787,14 @@
                       buf, sizeof(buf));
     pkiDebug("%s: looking for SANs in cert = %s\n", __FUNCTION__, buf);
 
-    if ((i = X509_get_ext_by_NID(cert, NID_subject_alt_name, -1)) >= 0) {
+    if ((l = X509_get_ext_by_NID(cert, NID_subject_alt_name, -1)) >= 0) {
         X509_EXTENSION *ext = NULL;
         GENERAL_NAMES *ialt = NULL;
         GENERAL_NAME *gen = NULL;
         int ret = 0;
         unsigned int num_sans = 0;
 
-        if (!(ext = X509_get_ext(cert, i)) || !(ialt = X509V3_EXT_d2i(ext))) {
+        if (!(ext = X509_get_ext(cert, l)) || !(ialt = X509V3_EXT_d2i(ext))) {
             pkiDebug("%s: found no subject alt name extensions\n",
                      __FUNCTION__);
             goto cleanup;
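Review bot: The failure branch after `X509_get_ext(cert, l)` logs "found no subject alt name extensions" for two different conditions, even though the index lookup on the line above has already found the extension by this point. A SAN extension that is present but cannot be decoded by `X509V3_EXT_d2i` most likely means a malformed certificate, and the debug log should let an operator tell that apart from a certificate that simply has no SAN. Splitting the condition as below keeps the control flow the same and changes only the messages. `retval` is initialised to EINVAL at the top of the function, but the hunk does not show whether it still holds that value here, so the error code returned on this path should be confirmed. The enclosing `if` block and the function continue past the hunk.

```c
    if ((l = X509_get_ext_by_NID(cert, NID_subject_alt_name, -1)) >= 0) {
        /* … unchanged: local declarations (ext, ialt, gen, ret, num_sans) … */

        ext = X509_get_ext(cert, l);
        if (ext == NULL) {
            pkiDebug("%s: could not retrieve subject alt name extension\n",
                     __FUNCTION__);
            goto cleanup;
        }
        ialt = X509V3_EXT_d2i(ext);
        if (ialt == NULL) {
            /* Extension is present but malformed; not the same as "no SAN". */
            pkiDebug("%s: could not decode subject alt name extension\n",
                     __FUNCTION__);
            goto cleanup;
        }
```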



