From 388e124841c208b3e8dc39c804e7f3679d30e706 Mon Sep 17 00:00:00 2001
From: Enji Cooper <yaneurabeya@gmail.com>
Date: Wed, 5 Jun 2024 22:27:34 -0700
Subject: [PATCH] ldns_dane_match_any_cert_with_data: fix types

Both `i` and `n` should match the return type for `sk_X509_num` (which
is `int`, not `size_t`). This addresses a potential issue where
`sk_X509_num(..)` could return -1, resulting in an unnecessary number of
loop iterations and undesirable behavior.

Reported by:	Coverity
Signed-off-by: Enji Cooper <yaneurabeya@gmail.com>
---
 dane.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/dane.c b/dane.c
index b8487b53..1bf4862f 100644
--- a/dane.c
+++ b/dane.c
@@ -625,10 +625,10 @@ ldns_dane_match_any_cert_with_data(STACK_OF(X509)* chain,
 		ldns_rdf* data, bool ca)
 {
 	ldns_status s = LDNS_STATUS_DANE_TLSA_DID_NOT_MATCH;
-	size_t n, i;
+	int n, i;
 	X509* cert;
 
-	n = (size_t)sk_X509_num(chain);
+	n = sk_X509_num(chain);
 	for (i = 0; i < n; i++) {
 		cert = sk_X509_pop(chain);
 		if (! cert) {