Fix a NULL dereference in GENERAL_NAME_cmp()libressl-v3.2.3

Comparing two GENERAL_NAME structures containing an EDIPARTYNAME can lead to a crash. This enables a denial of service attack for an attacker who can control both sides of the comparison. Issue reported to OpenSSL on Nov 9 by David Benjamin. OpenSSL shared the information with us on Dec 1st. Fix from Matt Caswell (OpenSSL) with a few small tweaks. ok jsing this is errata/6.8/008_asn1.patch.sig
author: tb <> 2020-12-08 15:08:47 +0000
committer: tb <> 2020-12-08 15:08:47 +0000
commit: 267ac14fa6781b6553b05a6d8dcdf99eaacc0edf (patch)
tree: 04d30b19586f2c165be5347140b51a43e96bb77e /src/lib/libcrypto/asn1/asn1_lib.c
parent: ede7983d76de701a5269bb2be80a23f8da520e42 (diff)
download: openbsd-libressl-v3.2.3.tar.gz
openbsd-libressl-v3.2.3.tar.bz2
openbsd-libressl-v3.2.3.zip
1 files changed, 3 insertions, 1 deletions
diff --git a/src/lib/libcrypto/asn1/asn1_lib.c b/src/lib/libcrypto/asn1/asn1_lib.c
index 5dc520c428..11e76b6f54 100644
--- a/src/lib/libcrypto/asn1/asn1_lib.c
+++ b/src/lib/libcrypto/asn1/asn1_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: asn1_lib.c,v 1.44 2018/11/17 09:34:11 tb Exp $ */
+/* $OpenBSD: asn1_lib.c,v 1.44.10.1 2020/12/08 15:08:47 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -388,6 +388,8 @@ ASN1_STRING_cmp(const ASN1_STRING *a, const ASN1_STRING *b)
 {
        int i;
+        if (a == NULL || b == NULL)
+                return -1;
        i = (a->length - b->length);
        if (i == 0) {
                i = memcmp(a->data, b->data, a->length);
author	tb <>	2020-12-08 15:08:47 +0000
committer	tb <>	2020-12-08 15:08:47 +0000
commit	267ac14fa6781b6553b05a6d8dcdf99eaacc0edf (patch)
tree	04d30b19586f2c165be5347140b51a43e96bb77e /src/lib/libcrypto/asn1/asn1_lib.c
parent	ede7983d76de701a5269bb2be80a23f8da520e42 (diff)
download	openbsd-libressl-v3.2.3.tar.gz openbsd-libressl-v3.2.3.tar.bz2 openbsd-libressl-v3.2.3.zip