From b468f25e20a1bbfbabbc534c5c2b1b862fe98bbe Mon Sep 17 00:00:00 2001
From: tb <>
Date: Tue, 27 Jan 2026 14:18:32 +0000
Subject: Avoid type confusion in the timestamp response parsing

A malformed v2 signing cert can lead to a type confusion, and the result
is a read from an invalid memory address or NULL, so a crash. Unlike for
OpenSSL, v1 signing certs aren't affected since miod fixed this in '14.

Reported by Luigino Camastra, fix by Bob Beck, via OpenSSL, CVE 2025-69420.

ok jsing
---
 src/lib/libcrypto/ts/ts_rsp_verify.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/src/lib/libcrypto/ts/ts_rsp_verify.c b/src/lib/libcrypto/ts/ts_rsp_verify.c
index e9a778bb88..8731e04c0d 100644
--- a/src/lib/libcrypto/ts/ts_rsp_verify.c
+++ b/src/lib/libcrypto/ts/ts_rsp_verify.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ts_rsp_verify.c,v 1.32 2025/12/05 14:19:27 tb Exp $ */
+/* $OpenBSD: ts_rsp_verify.c,v 1.33 2026/01/27 14:18:32 tb Exp $ */
 /* Written by Zoltan Glozik (zglozik@stones.com) for the OpenSSL
  * project 2002.
  */
@@ -365,6 +365,8 @@ ESS_get_signing_cert_v2(PKCS7_SIGNER_INFO *si)
 	attr = PKCS7_get_signed_attribute(si, NID_id_smime_aa_signingCertificateV2);
 	if (attr == NULL)
 		return NULL;
+	if (attr->type != V_ASN1_SEQUENCE)
+		return NULL;
 	p = attr->value.sequence->data;
 	return d2i_ESS_SIGNING_CERT_V2(NULL, &p, attr->value.sequence->length);
 }
-- 
cgit v1.2.3-55-g6feb