Commit deba49ff0a for openssl.org
commit deba49ff0aa58b16c996a0d446335de2a4722540
Author: Viktor Dukhovni <openssl-users@dukhovni.org>
Date: Mon Mar 16 19:30:04 2026 +1100
Avoid premature short-circuit in check_email
- Also harden check_hosts() to handle NULL `vpm->hosts`,
currently checked by the caller.
- Also harden check_ips() to handle NULL `vpm->ips`,
currently checked by the caller.
Reviewed-by: Nikola Pajkovsky <nikolap@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Eugene Syromiatnikov <esyr@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
MergeDate: Tue Mar 17 15:35:16 2026
(Merged from https://github.com/openssl/openssl/pull/30444)
(cherry picked from commit 6f9a0f3bcdf8f7c8b3d6a7dfb100788a8726905e)
diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c
index c2c39a1e49..6537a2c7f8 100644
--- a/crypto/x509/x509_vfy.c
+++ b/crypto/x509/x509_vfy.c
@@ -929,64 +929,55 @@ static int check_id_error(X509_STORE_CTX *ctx, int errcode)
static int check_hosts(X509 *x, X509_VERIFY_PARAM *vpm)
{
- int i;
- int n = sk_X509_BUFFER_num(vpm->hosts);
const uint8_t *name;
+ int n = sk_X509_BUFFER_num(vpm->hosts);
if (vpm->peername != NULL) {
OPENSSL_free(vpm->peername);
vpm->peername = NULL;
}
- for (i = 0; i < n; ++i) {
+ for (int i = 0; i < n; ++i) {
size_t len = sk_X509_BUFFER_value(vpm->hosts, i)->len;
name = sk_X509_BUFFER_value(vpm->hosts, i)->data;
if (X509_check_host(x, (const char *)name, len, vpm->hostflags, &vpm->peername) > 0)
return 1;
}
- return n == 0;
+ return n <= 0;
}
static int check_email(X509 *x, X509_VERIFY_PARAM *vpm)
{
- int i, n, j;
const uint8_t *name;
+ int nasc = sk_X509_BUFFER_num(vpm->rfc822s);
+ int nutf = sk_X509_BUFFER_num(vpm->smtputf8s);
- if (vpm->rfc822s == NULL)
- return 1;
-
- n = sk_X509_BUFFER_num(vpm->rfc822s);
-
- for (i = 0; i < n; ++i) {
+ for (int i = 0; i < nasc; ++i) {
size_t len = sk_X509_BUFFER_value(vpm->rfc822s, i)->len;
name = sk_X509_BUFFER_value(vpm->rfc822s, i)->data;
if (ossl_x509_check_rfc822(x, (const char *)name, len, vpm->hostflags))
return 1;
}
-
- j = sk_X509_BUFFER_num(vpm->smtputf8s);
- for (i = 0; i < j; ++i) {
+ for (int i = 0; i < nutf; ++i) {
size_t len = sk_X509_BUFFER_value(vpm->smtputf8s, i)->len;
name = sk_X509_BUFFER_value(vpm->smtputf8s, i)->data;
if (ossl_x509_check_smtputf8(x, (const char *)name, len, vpm->hostflags))
return 1;
}
-
- return n == 0 && j == 0;
+ return nasc <= 0 && nutf <= 0;
}
static int check_ips(X509 *x, X509_VERIFY_PARAM *vpm)
{
- int i;
- int n = sk_X509_BUFFER_num(vpm->ips);
const uint8_t *name;
+ int n = sk_X509_BUFFER_num(vpm->ips);
- for (i = 0; i < n; ++i) {
+ for (int i = 0; i < n; ++i) {
size_t len = sk_X509_BUFFER_value(vpm->ips, i)->len;
name = sk_X509_BUFFER_value(vpm->ips, i)->data;
if (X509_check_ip(x, name, len, vpm->hostflags) > 0)
return 1;
}
- return n == 0;
+ return n <= 0;
}
static int check_id(X509_STORE_CTX *ctx)