diff options
| author | tb <> | 2020-12-08 15:06:42 +0000 | 
|---|---|---|
| committer | tb <> | 2020-12-08 15:06:42 +0000 | 
| commit | 9b6213a4c1c3792c23b8d5da5d4d7ef1cae15e50 (patch) | |
| tree | 21666fa07453516b9358a615a663acd5584cebc9 /src/lib/libc/crypt/crypt.c | |
| parent | 44baf3722b2a45a27cba7695d8a2f00a965c973e (diff) | |
| download | openbsd-9b6213a4c1c3792c23b8d5da5d4d7ef1cae15e50.tar.gz openbsd-9b6213a4c1c3792c23b8d5da5d4d7ef1cae15e50.tar.bz2 openbsd-9b6213a4c1c3792c23b8d5da5d4d7ef1cae15e50.zip | |
Fix a NULL dereference in GENERAL_NAME_cmp()
Comparing two GENERAL_NAME structures containing an EDIPARTYNAME can lead
to a crash. This enables a denial of service attack for an attacker who can
control both sides of the comparison.
Issue reported to OpenSSL on Nov 9 by David Benjamin.
OpenSSL shared the information with us on Dec 1st.
Fix from Matt Caswell (OpenSSL) with a few small tweaks.
ok jsing
Diffstat (limited to 'src/lib/libc/crypt/crypt.c')
0 files changed, 0 insertions, 0 deletions
