From 25128aa86b3c1fab0a730b15592a21b839ae5a03 Mon Sep 17 00:00:00 2001 From: tb <> Date: Tue, 8 Dec 2020 15:10:03 +0000 Subject: Fix a NULL dereference in GENERAL_NAME_cmp() Comparing two GENERAL_NAME structures containing an EDIPARTYNAME can lead to a crash. This enables a denial of service attack for an attacker who can control both sides of the comparison. Issue reported to OpenSSL on Nov 9 by David Benjamin. OpenSSL shared the information with us on Dec 1st. Fix from Matt Caswell (OpenSSL) with a few small tweaks. ok jsing this is errata/6.7/031_asn1.patch.sig --- src/lib/libcrypto/asn1/asn1.h | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'src/lib/libcrypto/asn1/asn1.h') diff --git a/src/lib/libcrypto/asn1/asn1.h b/src/lib/libcrypto/asn1/asn1.h index 0a8da415fb..9cbc21238b 100644 --- a/src/lib/libcrypto/asn1/asn1.h +++ b/src/lib/libcrypto/asn1/asn1.h @@ -1,4 +1,4 @@ -/* $OpenBSD: asn1.h,v 1.53 2018/11/30 04:51:19 jeremy Exp $ */ +/* $OpenBSD: asn1.h,v 1.53.6.1 2020/12/08 15:10:03 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -1137,6 +1137,7 @@ void ERR_load_ASN1_strings(void); #define ASN1_R_BAD_OBJECT_HEADER 102 #define ASN1_R_BAD_PASSWORD_READ 103 #define ASN1_R_BAD_TAG 104 +#define ASN1_R_BAD_TEMPLATE 230 #define ASN1_R_BMPSTRING_IS_WRONG_LENGTH 214 #define ASN1_R_BN_LIB 105 #define ASN1_R_BOOLEAN_IS_WRONG_LENGTH 106 -- cgit v1.2.3-55-g6feb