From 8ed36ed2bac086885e3e4e881f0ccdae91bf6df7 Mon Sep 17 00:00:00 2001 From: tb Date: Thu, 21 Apr 2022 04:24:51 +0000 Subject: [PATCH] Fix X509_get_extension_flags() Ensure that EXFLAG_INVALID is set on X509_get_purpose() failure. ok inoguchi jsing --- lib/libcrypto/x509/x509_purp.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/lib/libcrypto/x509/x509_purp.c b/lib/libcrypto/x509/x509_purp.c index a05c0388ac2..4d833f73ba6 100644 --- a/lib/libcrypto/x509/x509_purp.c +++ b/lib/libcrypto/x509/x509_purp.c @@ -1,4 +1,4 @@ -/* $OpenBSD: x509_purp.c,v 1.13 2021/11/04 23:52:34 beck Exp $ */ +/* $OpenBSD: x509_purp.c,v 1.14 2022/04/21 04:24:51 tb Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 2001. */ @@ -952,7 +952,7 @@ X509_get_extension_flags(X509 *x) { /* Call for side-effect of computing hash and caching extensions */ if (X509_check_purpose(x, -1, -1) != 1) - return 0; + return EXFLAG_INVALID; return x->ex_flags; } -- 2.20.1