Properly check EVP_VerifyFinal() and similar return values

(CVE-2008-5077).
Submitted by: Ben Laurie, Bodo Moeller, Google Security Team

1 files changed, 2 insertions, 2 deletions

diff --git a/ssl/s2_srvr.c b/ssl/s2_srvr.c
index 0daf2b129d..50d55e6bf1 100644
--- a/ssl/s2_srvr.c
+++ b/ssl/s2_srvr.c
@@ -1054,7 +1054,7 @@ static int request_certificate(SSL *s)
 
 	i=ssl_verify_cert_chain(s,sk);
 
-	if (i)	/* we like the packet, now check the chksum */
+	if (i > 0)	/* we like the packet, now check the chksum */
 		{
 		EVP_MD_CTX ctx;
 		EVP_PKEY *pkey=NULL;
@@ -1083,7 +1083,7 @@ static int request_certificate(SSL *s)
 		EVP_PKEY_free(pkey);
 		EVP_MD_CTX_cleanup(&ctx);
 
-		if (i) 
+		if (i > 0)
 			{
 			if (s->session->peer != NULL)
 				X509_free(s->session->peer);