From bbe5279d721c3820e04b62e434552893d66847b5 Mon Sep 17 00:00:00 2001
From: Paul Arthur <paul.arthur@flowerysong.com>
Date: Wed, 10 Apr 2024 18:24:25 +0000
Subject: [PATCH] Don't allow libopenarc to set an invalid chain status

This is mainly an issue when a single administrative domain extends
the chain multiple times, e.g. on initial receipt and after an
internal modification of the message.

Fixes https://github.com/trusteddomainproject/OpenARC/issues/169
---
 libopenarc/arc.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/libopenarc/arc.c b/libopenarc/arc.c
index 987d638..897f14a 100644
--- a/libopenarc/arc.c
+++ b/libopenarc/arc.c
@@ -3115,6 +3115,10 @@ arc_set_cv(ARC_MESSAGE *msg, ARC_CHAIN cv)
 	       cv == ARC_CHAIN_FAIL ||
 	       cv == ARC_CHAIN_PASS);
 
+	/* none is only valid if there is no existing chain */
+	if ((cv == ARC_CHAIN_NONE) && (msg->arc_nsets != 0))
+		cv = ARC_CHAIN_PASS;
+
 	msg->arc_cstate = cv;
 }