Fix bug in copy_email() which would not

find emailAddress at start of subject name.

diff --git a/CHANGES b/CHANGES
index 753853c8fa869803b5eef4fab78e2ff20028bae3..3c45bc7f2b61d57b3002093d7c85be12a178f0c5 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -3,6 +3,10 @@
 
  Changes between 0.9.6 and 0.9.7  [xx XXX 2000]
 
+  *) In copy_email() check for >= 0 as a return value for
+     X509_NAME_get_index_by_NID() since 0 is a valid index.
+     [Steve Henson reported by Massimiliano Pala <madwolf@opensca.org>]
+
   *) In BN_div() keep a copy of the sign of 'num' before writing the
      result to 'rm' because if rm==num the value will be overwritten
      and produce the wrong result if 'num' is negative: this caused

diff --git a/crypto/x509v3/v3_alt.c b/crypto/x509v3/v3_alt.c
index f7dabc4f2bc542528c356a3f57e0f67adb4729a2..0fc5c1fb131d5b231fea2e820eb12bf016fd0847 100644 (file)
--- a/crypto/x509v3/v3_alt.c
+++ b/crypto/x509v3/v3_alt.c
@@ -318,7 +318,7 @@ static int copy_email(X509V3_CTX *ctx, GENERAL_NAMES *gens)
        /* Now add any email address(es) to STACK */
        i = -1;
        while((i = X509_NAME_get_index_by_NID(nm,
-                                        NID_pkcs9_emailAddress, i)) > 0) {
+                                        NID_pkcs9_emailAddress, i)) >= 0) {
                ne = X509_NAME_get_entry(nm, i);
                email = M_ASN1_IA5STRING_dup(X509_NAME_ENTRY_get_data(ne));
                if(!email || !(gen = GENERAL_NAME_new())) {