The function CMS_get1_ReceiptRequest can explicitly return 0 or -1 in the case of error. Therefore, the error checking code should check whether the result is less than or equal to 0, and not just whether it is equal to zero.
The semantic patch that makes this change is as follows: (http://coccinelle.lip6.fr/) // <smpl> @expression@ expression list args; @@ - CMS_get1_ReceiptRequest(args) == 0 + CMS_get1_ReceiptRequest(args) <= 0 || ... @expression@ expression list args; @@ - CMS_get1_ReceiptRequest(args) != 0 + CMS_get1_ReceiptRequest(args) > 0 || ... // </smpl> --- diff -u -p a/crypto/cms/cms_ess.c b/crypto/cms/cms_ess.c --- a/crypto/cms/cms_ess.c 2008-04-01 18:29:42.000000000 +0200 +++ b/crypto/cms/cms_ess.c 2009-09-12 11:25:38.000000000 +0200 @@ -344,7 +344,7 @@ int cms_Receipt_verify(CMS_ContentInfo * /* Get original receipt request details */ - if (!CMS_get1_ReceiptRequest(osi, &rr)) + if (CMS_get1_ReceiptRequest(osi, &rr) <= 0) { CMSerr(CMS_F_CMS_RECEIPT_VERIFY, CMS_R_NO_RECEIPT_REQUEST); goto err; @@ -385,7 +385,7 @@ ASN1_OCTET_STRING *cms_encode_Receipt(CM /* Get original receipt request details */ - if (!CMS_get1_ReceiptRequest(si, &rr)) + if (CMS_get1_ReceiptRequest(si, &rr) <= 0) { CMSerr(CMS_F_CMS_ENCODE_RECEIPT, CMS_R_NO_RECEIPT_REQUEST); goto err; ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org
