Google Git
Sign in
boringssl/boringssl/8dce4fd20ab7e768c0a5103edc1d8cb7e54366ba^!/.
commit
8dce4fd20ab7e768c0a5103edc1d8cb7e54366ba
[log]
author
Rudolf Polzer <rpolzer@google.com>
Wed Mar 25 07:18:20 2026 -0700
committer
Boringssl LUCI CQ <boringssl-scoped@luci-project-accounts.iam.gserviceaccount.com>
Wed Mar 25 07:46:30 2026 -0700
tree
cd5d5c2f448c0ba034f2945441f1df5e696bc5e8
parent
5a706f2d40fd0fbe287ad0067aac886d078c75f0 [diff]
Partial rollback of I40aed9832f72f6bd2b4b8a7f9d68f60ae0eb1e2c.

One loop is changed back to an index loop, as it had intentionally not
started at zero.

Tests in a future CL - get this partial rollback out first.

Bug: 495832128
Change-Id: I7cdf6cbdbd5f07093cdf3c191bfbd5c46a6a6964
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/91507
Reviewed-by: Xiangfei Ding <xfding@google.com>
Commit-Queue: Rudolf Polzer <rpolzer@google.com>

diff --git a/crypto/x509/x509_lu.cc b/crypto/x509/x509_lu.cc
index c6d1728..4adee72 100644
--- a/crypto/x509/x509_lu.cc
+++ b/crypto/x509/x509_lu.cc

@@ -507,8 +507,12 @@
   int idx = X509_OBJECT_idx_by_subject(store->objs.get(), X509_LU_X509, xn);
   if (idx != -1) {  // should be true as we've had at least one match
     // Look through all matching certs for suitable issuer
-    for (X509_OBJECT *pobj : store->objs.get()) {
-      // See if we've run past the matches
+    for (size_t i = idx; i < sk_X509_OBJECT_num(store->objs.get()); i++) {
+      X509_OBJECT *pobj = sk_X509_OBJECT_value(store->objs.get(), i);
+      // See if we've run past the matches.
+      //
+      // This works because the objects are sorted by type, then subject
+      // name, using |x509_object_cmp|.
       if (pobj->type != X509_LU_X509) {
         return 0;
       }