From: tb <tb@openbsd.org>
Date: Fri, 24 Dec 2021 01:56:08 +0000 (+0000)
Subject: Turn assert in X509v3_addr_canonize() into an error check.
X-Git-Url: http://artulab.com/gitweb/?a=commitdiff_plain;h=aa99f8fe96644abcfeb2c3ee7d049a2186a4aa09;p=openbsd

Turn assert in X509v3_addr_canonize() into an error check.

All internal callers check the return value and future external
callers will be happy not to hit an assert from the library.

ok jsing
---

diff --git a/lib/libcrypto/x509/x509_addr.c b/lib/libcrypto/x509/x509_addr.c
index 266562fd9a7..894dfff501e 100644
--- a/lib/libcrypto/x509/x509_addr.c
+++ b/lib/libcrypto/x509/x509_addr.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: x509_addr.c,v 1.22 2021/12/23 23:48:38 tb Exp $ */
+/*	$OpenBSD: x509_addr.c,v 1.23 2021/12/24 01:56:08 tb Exp $ */
 /*
  * Contributed to the OpenSSL Project by the American Registry for
  * Internet Numbers ("ARIN").
@@ -1145,6 +1145,7 @@ int
 X509v3_addr_canonize(IPAddrBlocks *addr)
 {
 	int i;
+
 	for (i = 0; i < sk_IPAddressFamily_num(addr); i++) {
 		IPAddressFamily *f = sk_IPAddressFamily_value(addr, i);
 		if (f->ipAddressChoice->type ==
@@ -1153,10 +1154,11 @@ X509v3_addr_canonize(IPAddrBlocks *addr)
 		    X509v3_addr_get_afi(f)))
 			return 0;
 	}
+
 	(void)sk_IPAddressFamily_set_cmp_func(addr, IPAddressFamily_cmp);
 	sk_IPAddressFamily_sort(addr);
-	OPENSSL_assert(X509v3_addr_is_canonical(addr));
-	return 1;
+
+	return X509v3_addr_is_canonical(addr);
 }
 
 /*