From aee0c0d471500b424345f2444884ae165d58006f Mon Sep 17 00:00:00 2001 From: Chenjp Date: Thu, 26 Feb 2026 15:10:45 +0800 Subject: [PATCH] Unexpected i2d_X509 length Consider the possibility of zero length. --- .../apache/tomcat/util/net/openssl/panama/OpenSSLContext.java | 2 +- .../apache/tomcat/util/net/openssl/panama/OpenSSLEngine.java | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLContext.java b/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLContext.java index fcdd12afa2c6..f64ba67dc623 100644 --- a/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLContext.java +++ b/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLContext.java @@ -810,7 +810,7 @@ public int apply(MemorySegment /* X509_STORE_CTX */ x509_ctx, MemorySegment para MemorySegment/* (X509*) */ x509 = openssl_h_Compatibility.OPENSSL_sk_value(sk, i); MemorySegment bufPointer = localArena.allocateFrom(ValueLayout.ADDRESS, MemorySegment.NULL); int length = i2d_X509(x509, bufPointer); - if (length < 0) { + if (length <= 0) { certificateChain[i] = new byte[0]; continue; } diff --git a/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLEngine.java b/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLEngine.java index f3ce726f2fe8..ebf200340399 100644 --- a/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLEngine.java +++ b/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLEngine.java @@ -864,7 +864,7 @@ private byte[][] getPeerCertChain() { MemorySegment/* (X509*) */ x509 = openssl_h_Compatibility.OPENSSL_sk_value(sk, i); MemorySegment bufPointer = localArena.allocateFrom(ValueLayout.ADDRESS, MemorySegment.NULL); int length = i2d_X509(x509, bufPointer); - if (length < 0) { + if (length <= 0) { certificateChain[i] = new byte[0]; continue; }