Fix incomplete check on X509V3_add1_i2d()

X509V3_add1_i2d() can return both -1 and 0 as an error code. This check only checked for 0. Change it into <= 0 to also catch the -1 error code. CLA: trivial Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20157)
author: ndossche <niels.dossche@ugent.be> 2023-01-27 15:43:42 +0100
committer: Pauli <pauli@openssl.org> 2023-01-31 11:05:51 +1100
commit: ecd445464a73bb3f125327a604dd13ad16303ebc (patch)
tree: ea7dbcd1499f0d6d56331b87c745f8f78e36bb81 /crypto/ocsp
parent: 8bb55680e46c868b0aa09682c2bef954231841b5 (diff)
download: openssl-new-ecd445464a73bb3f125327a604dd13ad16303ebc.tar.gz
1 files changed, 2 insertions, 2 deletions
diff --git a/crypto/ocsp/ocsp_ext.c b/crypto/ocsp/ocsp_ext.c
index c2b61bd4f2..753b30ce47 100644
--- a/crypto/ocsp/ocsp_ext.c
+++ b/crypto/ocsp/ocsp_ext.c
@@ -268,8 +268,8 @@ static int ocsp_add1_nonce(STACK_OF(X509_EXTENSION) **exts,
         memcpy(tmpval, val, len);
     else if (RAND_bytes(tmpval, len) <= 0)
         goto err;
-    if (!X509V3_add1_i2d(exts, NID_id_pkix_OCSP_Nonce,
-                         &os, 0, X509V3_ADD_REPLACE))
+    if (X509V3_add1_i2d(exts, NID_id_pkix_OCSP_Nonce,
+                         &os, 0, X509V3_ADD_REPLACE) <= 0)
         goto err;
     ret = 1;
  err:
author	ndossche <niels.dossche@ugent.be>	2023-01-27 15:43:42 +0100
committer	Pauli <pauli@openssl.org>	2023-01-31 11:05:51 +1100
commit	ecd445464a73bb3f125327a604dd13ad16303ebc (patch)
tree	ea7dbcd1499f0d6d56331b87c745f8f78e36bb81 /crypto/ocsp
parent	8bb55680e46c868b0aa09682c2bef954231841b5 (diff)
download	openssl-new-ecd445464a73bb3f125327a604dd13ad16303ebc.tar.gz