From e52ec74d4afb35e6448175b32b9fd2c129b007d0 Mon Sep 17 00:00:00 2001 From: tb Date: Fri, 28 Apr 2023 15:16:48 +0000 Subject: [PATCH] Deassert x509_policy_new() Turn the check into an error which will make all callers error. with beck ok jsing --- lib/libcrypto/x509/x509_policy.c | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/lib/libcrypto/x509/x509_policy.c b/lib/libcrypto/x509/x509_policy.c index 32ee4e9f4ff..c8f9447e4f6 100644 --- a/lib/libcrypto/x509/x509_policy.c +++ b/lib/libcrypto/x509/x509_policy.c @@ -1,4 +1,4 @@ -/* $OpenBSD: x509_policy.c,v 1.16 2023/04/28 09:56:09 tb Exp $ */ +/* $OpenBSD: x509_policy.c,v 1.17 2023/04/28 15:16:48 tb Exp $ */ /* * Copyright (c) 2022, Google Inc. * @@ -203,9 +203,10 @@ x509_policy_node_free(X509_POLICY_NODE *node) static X509_POLICY_NODE * x509_policy_node_new(const ASN1_OBJECT *policy) { - assert(!is_any_policy(policy)); - X509_POLICY_NODE *node; + X509_POLICY_NODE *node = NULL; + if (is_any_policy(policy)) + goto err; if ((node = calloc(1, sizeof(*node))) == NULL) goto err; if ((node->policy = OBJ_dup(policy)) == NULL) -- 2.20.1