Skip to content

Commit

Permalink
ldns_dane_match_any_cert_with_data: fix types
Browse files Browse the repository at this point in the history 
Both `i` and `n` should match the return type for `sk_X509_num` (which
is `int`, not `size_t`). This addresses a potential issue where
`sk_X509_num(..)` could return -1, resulting in an unnecessary number of
loop iterations and undesirable behavior.

Reported by:	Coverity
Signed-off-by: Enji Cooper <[email protected]>
  • Loading branch information
@ngie-eign
ngie-eign committed Jun 6, 2024
1 parent 5afb814 commit 388e124
Showing 1 changed file with 2 additions and 2 deletions.
4 changes: 2 additions & 2 deletions dane.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -625,10 +625,10 @@ ldns_dane_match_any_cert_with_data(STACK_OF(X509)* chain,
ldns_rdf* data, bool ca)
{
ldns_status s = LDNS_STATUS_DANE_TLSA_DID_NOT_MATCH;
size_t n, i;
int n, i;
X509* cert;

n = (size_t)sk_X509_num(chain);
n = sk_X509_num(chain);
for (i = 0; i < n; i++) {
cert = sk_X509_pop(chain);
if (! cert) {
Expand Down

0 comments on commit 388e124

Please sign in to comment.