Fix a bug in addr_contains() introduced in OpenSSL commit be71c372
authortb <tb@openbsd.org>
Wed, 5 Jan 2022 07:28:41 +0000 (07:28 +0000)
committertb <tb@openbsd.org>
Wed, 5 Jan 2022 07:28:41 +0000 (07:28 +0000)
by returning 0 instead of -1 on extract_min_max() failure. Callers
would interpret -1 as success of addr_contains().

ok inoguchi jsing

lib/libcrypto/x509/x509_addr.c

index edb85f3..92d540d 100644 (file)
@@ -1,4 +1,4 @@
-/*     $OpenBSD: x509_addr.c,v 1.58 2022/01/04 20:52:34 tb Exp $ */
+/*     $OpenBSD: x509_addr.c,v 1.59 2022/01/05 07:28:41 tb Exp $ */
 /*
  * Contributed to the OpenSSL Project by the American Registry for
  * Internet Numbers ("ARIN").
@@ -1648,7 +1648,7 @@ addr_contains(IPAddressOrRanges *parent, IPAddressOrRanges *child, int length)
        for (c = 0; c < sk_IPAddressOrRange_num(child); c++) {
                if (!extract_min_max(sk_IPAddressOrRange_value(child, c),
                    c_min, c_max, length))
-                       return -1;
+                       return 0;
                for (;; p++) {
                        if (p >= sk_IPAddressOrRange_num(parent))
                                return 0;
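Review bot: The new `return 0;` under the child extract_min_max() check carries no comment explaining why a parse failure maps to 0, and the hunk shows no statement of addr_contains()'s return contract. Per the commit message, callers treat any non-zero result as "contained", so an error code here would let a child range that failed to parse pass the containment check. A short comment above the return, such as `/* Fail closed: callers test the result as a boolean, so errors must return 0. */`, would guard against a later edit reintroducing a negative return. addr_contains() begins and ends outside the hunk, so it is worth confirming that no other failure path in it returns a non-zero value. A regression test with a malformed child range would pin the behaviour.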