Fix length checks in X509_cmp_time to avoid out-of-bounds reads.

[openssl.git] / crypto / ocsp / ocsp_prn.c

diff --git a/crypto/ocsp/ocsp_prn.c b/crypto/ocsp/ocsp_prn.c
index 1834256af271f3f39d431124cf5718bf5e383090..b826292df884f2940f15dcc256ef0cee2b2feac9 100644 (file)
--- a/crypto/ocsp/ocsp_prn.c
+++ b/crypto/ocsp/ocsp_prn.c
@@ -67,6 +67,7 @@
 #include <openssl/bio.h>
 #include <openssl/err.h>
 #include <openssl/ocsp.h>
+#include "ocsp_lcl.h"
 #include <openssl/pem.h>
 
 static int ocsp_certid_print(BIO *bp, OCSP_CERTID *a, int indent)
@@ -213,7 +214,7 @@ int OCSP_RESPONSE_print(BIO *bp, OCSP_RESPONSE *o, unsigned long flags)
     }
 
     i = ASN1_STRING_length(rb->response);
-    if (!(br = OCSP_response_get1_basic(o)))
+    if ((br = OCSP_response_get1_basic(o)) == NULL)
         goto err;
     rd = br->tbsResponseData;
     l = ASN1_INTEGER_get(rd->version);