Fix a NULL dereference in GENERAL_NAME_cmp()libressl-v3.1.5OPENBSD_6_7

Comparing two GENERAL_NAME structures containing an EDIPARTYNAME can lead
to a crash. This enables a denial of service attack for an attacker who can
control both sides of the comparison.

Issue reported to OpenSSL on Nov 9 by David Benjamin.
OpenSSL shared the information with us on Dec 1st.
Fix from Matt Caswell (OpenSSL) with a few small tweaks.

ok jsing

this is errata/6.7/031_asn1.patch.sig

0 files changed, 0 insertions, 0 deletions