Don't use a negative number as a length. Coverity ID 57.

author Ben Laurie <ben@openssl.org>

Thu, 5 Apr 2007 16:28:48 +0000 (16:28 +0000)

committer Ben Laurie <ben@openssl.org>

Thu, 5 Apr 2007 16:28:48 +0000 (16:28 +0000)
author Ben Laurie <ben@openssl.org>
Thu, 5 Apr 2007 16:28:48 +0000 (16:28 +0000)
committer Ben Laurie <ben@openssl.org>
Thu, 5 Apr 2007 16:28:48 +0000 (16:28 +0000)
diff --git a/ssl/s2_clnt.c b/ssl/s2_clnt.c

index d9750d09351ed51c29381352d66de2abe66bb07b..6d8883fbbd031702a331b08430a53cd1a177bf8c 100644 (file)
--- a/ssl/s2_clnt.c
+++ b/ssl/s2_clnt.c
@@ -863,8 +863,10 @@ static int client_certificate(SSL *s)
                 EVP_SignUpdate(&ctx,s->s2->key_material,
                                s->s2->key_material_length);
                 EVP_SignUpdate(&ctx,cert_ch,(unsigned int)cert_ch_len);
-               n=i2d_X509(s->session->sess_cert->peer_key->x509,&p);
-               EVP_SignUpdate(&ctx,buf,(unsigned int)n);
+               i=i2d_X509(s->session->sess_cert->peer_key->x509,&p);
+               /* Don't update the signature if it fails - FIXME: probably should handle this better */
+               if(i > 0)
+                       EVP_SignUpdate(&ctx,buf,(unsigned int)i);
  
                 p=buf;
                 d=p+6;
author	Ben Laurie <ben@openssl.org>
	Thu, 5 Apr 2007 16:28:48 +0000 (16:28 +0000)
committer	Ben Laurie <ben@openssl.org>
	Thu, 5 Apr 2007 16:28:48 +0000 (16:28 +0000)