Fix a NULL dereference in GENERAL_NAME_cmp()libressl-v3.1.5 OPENBSD_6_7

Comparing two GENERAL_NAME structures containing an EDIPARTYNAME can lead to a crash. This enables a denial of service attack for an attacker who can control both sides of the comparison. Issue reported to OpenSSL on Nov 9 by David Benjamin. OpenSSL shared the information with us on Dec 1st. Fix from Matt Caswell (OpenSSL) with a few small tweaks. ok jsing this is errata/6.7/031_asn1.patch.sig
author: tb <> 2020-12-08 15:10:03 +0000
committer: tb <> 2020-12-08 15:10:03 +0000
commit: 25128aa86b3c1fab0a730b15592a21b839ae5a03 (patch)
tree: ab578539bc4c69bc884b6e42f1cb7e99e6eb0216 /src/lib/libcrypto/asn1/asn1_lib.c
parent: 3b56f0265346ac27187ab1c0aa41bc27260bea5b (diff)
download: openbsd-OPENBSD_6_7.tar.gz
openbsd-OPENBSD_6_7.tar.bz2
openbsd-OPENBSD_6_7.zip
1 files changed, 3 insertions, 1 deletions
diff --git a/src/lib/libcrypto/asn1/asn1_lib.c b/src/lib/libcrypto/asn1/asn1_lib.c
index 5dc520c428..5d79e6833f 100644
--- a/src/lib/libcrypto/asn1/asn1_lib.c
+++ b/src/lib/libcrypto/asn1/asn1_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: asn1_lib.c,v 1.44 2018/11/17 09:34:11 tb Exp $ */
+/* $OpenBSD: asn1_lib.c,v 1.44.6.1 2020/12/08 15:10:03 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -388,6 +388,8 @@ ASN1_STRING_cmp(const ASN1_STRING *a, const ASN1_STRING *b)
 {
        int i;
+        if (a == NULL || b == NULL)
+                return -1;
        i = (a->length - b->length);
        if (i == 0) {
                i = memcmp(a->data, b->data, a->length);
author	tb <>	2020-12-08 15:10:03 +0000
committer	tb <>	2020-12-08 15:10:03 +0000
commit	25128aa86b3c1fab0a730b15592a21b839ae5a03 (patch)
tree	ab578539bc4c69bc884b6e42f1cb7e99e6eb0216 /src/lib/libcrypto/asn1/asn1_lib.c
parent	3b56f0265346ac27187ab1c0aa41bc27260bea5b (diff)
download	openbsd-OPENBSD_6_7.tar.gz openbsd-OPENBSD_6_7.tar.bz2 openbsd-OPENBSD_6_7.zip