The function BIO_write can return a negative integer or zero in an error case. Thus, testing whether the result is nonzero is not meaningful. Other nearby code tests whether it is less than or equal to 0, which is the change made here.
The semantic patch that helps find this problem is as follows: (http://coccinelle.lip6.fr/) // <smpl> @expression@ expression list args; @@ - BIO_write(args) == 0 + BIO_write(args) <= 0 || ... @expression@ expression list args; @@ - BIO_write(args) != 0 + BIO_write(args) > 0 || ... // </smpl> --- diff -u -p a/crypto/asn1/asn1_par.c b/crypto/asn1/asn1_par.c --- a/crypto/asn1/asn1_par.c 2009-01-28 13:54:52.000000000 +0100 +++ b/crypto/asn1/asn1_par.c 2009-09-22 15:40:27.000000000 +0200 @@ -239,7 +239,7 @@ static int asn1_parse2(BIO *bp, const un ii=d2i_ASN1_BOOLEAN(NULL,&opp,len+hl); if (ii < 0) { - if (BIO_write(bp,"Bad boolean\n",12)) + if (BIO_write(bp,"Bad boolean\n",12) <= 0) goto end; } BIO_printf(bp,":%d",ii); ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List [email protected] Automated List Manager [email protected]
