Don't use a negative number as a length. Coverity ID 57.

author: Ben Laurie <ben@openssl.org> 2007-04-05 16:28:48 +0000
committer: Ben Laurie <ben@openssl.org> 2007-04-05 16:28:48 +0000
commit: fa9fed1c3ad00878312a0c77053a83f915ef68ef (patch)
tree: cd139d5fa94375a1d031c044b0ec990595347632
parent: f6301f6888096a65919e07a3f9b37c2b672517c4 (diff)
1 files changed, 4 insertions, 2 deletions
diff --git a/ssl/s2_clnt.c b/ssl/s2_clnt.c
index d9750d0935..6d8883fbbd 100644
--- a/ssl/s2_clnt.c
+++ b/ssl/s2_clnt.c
@@ -863,8 +863,10 @@ static int client_certificate(SSL *s)
 		EVP_SignUpdate(&ctx,s->s2->key_material,
 			       s->s2->key_material_length);
 		EVP_SignUpdate(&ctx,cert_ch,(unsigned int)cert_ch_len);
-		n=i2d_X509(s->session->sess_cert->peer_key->x509,&p);
-		EVP_SignUpdate(&ctx,buf,(unsigned int)n);
+		i=i2d_X509(s->session->sess_cert->peer_key->x509,&p);
+		/* Don't update the signature if it fails - FIXME: probably should handle this better */
+		if(i > 0)
+			EVP_SignUpdate(&ctx,buf,(unsigned int)i);
 
 		p=buf;
 		d=p+6;
author	Ben Laurie <ben@openssl.org>	2007-04-05 16:28:48 +0000
committer	Ben Laurie <ben@openssl.org>	2007-04-05 16:28:48 +0000
commit	fa9fed1c3ad00878312a0c77053a83f915ef68ef (patch)
tree	cd139d5fa94375a1d031c044b0ec990595347632
parent	f6301f6888096a65919e07a3f9b37c2b672517c4 (diff)