From 857ff97c679f967bce8edde8503bab927ed14c82 Mon Sep 17 00:00:00 2001
From: tb <tb@openbsd.org>
Date: Fri, 26 Jul 2024 13:33:39 +0000
Subject: [PATCH] Disable X509at_get_attr{,_count}() and X509at_delete_attr()

These are (not so) thin wrappers around the stack API and only make
things unreadable by adding an unneccesary layer of indirection and
repeating checks already present in the stack API. X509at_delete_attr()
is a masterpiece.

ok jsing
---
 lib/libcrypto/x509/x509_att.c | 19 +++++++------------
 1 file changed, 7 insertions(+), 12 deletions(-)

diff --git a/lib/libcrypto/x509/x509_att.c b/lib/libcrypto/x509/x509_att.c
index 2bf6aa498ed..21b47ce96fb 100644
--- a/lib/libcrypto/x509/x509_att.c
+++ b/lib/libcrypto/x509/x509_att.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: x509_att.c,v 1.23 2024/07/26 13:30:40 tb Exp $ */
+/* $OpenBSD: x509_att.c,v 1.24 2024/07/26 13:33:39 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -71,7 +71,8 @@
 int
 X509at_get_attr_count(const STACK_OF(X509_ATTRIBUTE) *x)
 {
-	return sk_X509_ATTRIBUTE_num(x);
+	X509error(ERR_R_DISABLED);
+	return 0;
 }
 LCRYPTO_ALIAS(X509at_get_attr_count);
 
@@ -112,22 +113,16 @@ LCRYPTO_ALIAS(X509at_get_attr_by_OBJ);
 X509_ATTRIBUTE *
 X509at_get_attr(const STACK_OF(X509_ATTRIBUTE) *x, int loc)
 {
-	if (x == NULL || sk_X509_ATTRIBUTE_num(x) <= loc || loc < 0)
-		return NULL;
-	else
-		return sk_X509_ATTRIBUTE_value(x, loc);
+	X509error(ERR_R_DISABLED);
+	return NULL;
 }
 LCRYPTO_ALIAS(X509at_get_attr);
 
 X509_ATTRIBUTE *
 X509at_delete_attr(STACK_OF(X509_ATTRIBUTE) *x, int loc)
 {
-	X509_ATTRIBUTE *ret;
-
-	if (x == NULL || sk_X509_ATTRIBUTE_num(x) <= loc || loc < 0)
-		return (NULL);
-	ret = sk_X509_ATTRIBUTE_delete(x, loc);
-	return (ret);
+	X509error(ERR_R_DISABLED);
+	return NULL;
 }
 LCRYPTO_ALIAS(X509at_delete_attr);
 
-- 
2.20.1