From 920304fa6a24b5094b74afa29d3e6eefa753fb55 Mon Sep 17 00:00:00 2001 From: tb Date: Fri, 24 Dec 2021 02:23:44 +0000 Subject: [PATCH] Turn asserts in ASIdentifierChoice_canonize() into error checks The first assert ensures that a stack that was just sorted in a stronger sense is sorted in a weak sense and the second assert ensures that the result of the canonization procedure is canonical. All callers check for error, so these asserts don't do anything useful. ok jsing --- lib/libcrypto/x509/x509_asid.c | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/lib/libcrypto/x509/x509_asid.c b/lib/libcrypto/x509/x509_asid.c index 5eeb5953d37..bf51c9bb2aa 100644 --- a/lib/libcrypto/x509/x509_asid.c +++ b/lib/libcrypto/x509/x509_asid.c @@ -1,4 +1,4 @@ -/* $OpenBSD: x509_asid.c,v 1.25 2021/12/24 02:22:16 tb Exp $ */ +/* $OpenBSD: x509_asid.c,v 1.26 2021/12/24 02:23:44 tb Exp $ */ /* * Contributed to the OpenSSL Project by the American Registry for * Internet Numbers ("ARIN"). @@ -649,7 +649,8 @@ ASIdentifierChoice_canonize(ASIdentifierChoice *choice) /* * Make sure we're properly sorted (paranoia). */ - OPENSSL_assert(ASN1_INTEGER_cmp(a_min, b_min) <= 0); + if (ASN1_INTEGER_cmp(a_min, b_min) > 0) + goto done; /* * Punt inverted ranges. @@ -736,7 +737,8 @@ ASIdentifierChoice_canonize(ASIdentifierChoice *choice) } /* Paranoia */ - OPENSSL_assert(ASIdentifierChoice_is_canonical(choice)); + if (!ASIdentifierChoice_is_canonical(choice)) + goto done; ret = 1; -- 2.20.1