Fix a NULL dereference in GENERAL_NAME_cmp()libressl-v3.1.5OPENBSD_6_7

Comparing two GENERAL_NAME structures containing an EDIPARTYNAME can lead
to a crash. This enables a denial of service attack for an attacker who can
control both sides of the comparison.

Issue reported to OpenSSL on Nov 9 by David Benjamin.
OpenSSL shared the information with us on Dec 1st.
Fix from Matt Caswell (OpenSSL) with a few small tweaks.

ok jsing

this is errata/6.7/031_asn1.patch.sig

1 files changed, 2 insertions, 1 deletions

diff --git a/src/lib/libcrypto/asn1/asn1.h b/src/lib/libcrypto/asn1/asn1.h
index 0a8da415fb..9cbc21238b 100644
--- a/src/lib/libcrypto/asn1/asn1.h
+++ b/src/lib/libcrypto/asn1/asn1.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: asn1.h,v 1.53 2018/11/30 04:51:19 jeremy Exp $ */
+/* $OpenBSD: asn1.h,v 1.53.6.1 2020/12/08 15:10:03 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -1137,6 +1137,7 @@ void ERR_load_ASN1_strings(void);
 #define ASN1_R_BAD_OBJECT_HEADER                         102
 #define ASN1_R_BAD_PASSWORD_READ                         103
 #define ASN1_R_BAD_TAG                                   104
+#define ASN1_R_BAD_TEMPLATE                              230
 #define ASN1_R_BMPSTRING_IS_WRONG_LENGTH                 214
 #define ASN1_R_BN_LIB                                    105
 #define ASN1_R_BOOLEAN_IS_WRONG_LENGTH                   106