From 0eab41fb78cf4d7c76e563fd677ab6c32fc28bb0 Mon Sep 17 00:00:00 2001
From: Ben Laurie <ben@openssl.org>
Date: Mon, 29 Dec 2008 16:11:58 +0000
Subject: If we're going to return errors (no matter how stupid), then we
 should test for them!

---
 crypto/ocsp/ocsp_vfy.c | 2 ++
 1 file changed, 2 insertions(+)

(limited to 'crypto/ocsp')

diff --git a/crypto/ocsp/ocsp_vfy.c b/crypto/ocsp/ocsp_vfy.c
index be9bf5b0f0..415d67e61c 100644
--- a/crypto/ocsp/ocsp_vfy.c
+++ b/crypto/ocsp/ocsp_vfy.c
@@ -308,6 +308,8 @@ static int ocsp_match_issuerid(X509 *cert, OCSP_CERTID *cid,
 			}
 
 		mdlen = EVP_MD_size(dgst);
+		if (mdlen < 0)
+		    return -1;
 		if ((cid->issuerNameHash->length != mdlen) ||
 		   (cid->issuerKeyHash->length != mdlen))
 			return 0;
-- 
cgit v1.2.3