diff options
author | Dmitry Belyavskiy <beldmit@gmail.com> | 2024-08-14 14:40:39 +0200 |
---|---|---|
committer | Dmitry Belyavskiy <beldmit@gmail.com> | 2024-08-17 18:09:15 +0200 |
commit | 8d28402ce38842e8aca9e0ce26ae44fa10c7b62e (patch) | |
tree | 3503abdf4e43c9be6c5e8b3d9f6d3bed195ea19a | |
parent | 7c3c7374ce8676331770a8f9bbc1452bbdacf3be (diff) |
We can't check policy if we got an empty stack of certs
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25186)
-rw-r--r-- | crypto/x509/pcy_tree.c | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/crypto/x509/pcy_tree.c b/crypto/x509/pcy_tree.c index d7307b12da..86e3afc881 100644 --- a/crypto/x509/pcy_tree.c +++ b/crypto/x509/pcy_tree.c @@ -110,6 +110,8 @@ static int tree_init(X509_POLICY_TREE **ptree, STACK_OF(X509) *certs, *ptree = NULL; + if (n < 0) + return X509_PCY_TREE_INTERNAL; /* Can't do anything with just a trust anchor */ if (n == 0) return X509_PCY_TREE_EMPTY; |