From b02bfbb791e62856a09ec89f0799c3c0b8355825 Mon Sep 17 00:00:00 2001
From: tb <>
Date: Wed, 19 Mar 2025 16:26:20 +0000
Subject: X509_VERIFY_PARAM_get0: avoid out of bounds access when id < 0

ok jsing
---
 src/lib/libcrypto/x509/x509_vpm.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)
(limited to 'src/lib')
diff --git a/src/lib/libcrypto/x509/x509_vpm.c b/src/lib/libcrypto/x509/x509_vpm.c
index 4b333e2a2d..4348ebe42f 100644
--- a/src/lib/libcrypto/x509/x509_vpm.c
+++ b/src/lib/libcrypto/x509/x509_vpm.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: x509_vpm.c,v 1.47 2025/03/12 04:58:04 tb Exp $ */
+/* $OpenBSD: x509_vpm.c,v 1.48 2025/03/19 16:26:20 tb Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
 * project 2004.
 */
@@ -698,6 +698,10 @@ const X509_VERIFY_PARAM *
 X509_VERIFY_PARAM_get0(int id)
 {
 int num = sizeof(default_table) / sizeof(X509_VERIFY_PARAM);
+
+ if (id < 0)
+ return NULL;
+
+ if (id < num)
 return default_table + id;
 return sk_X509_VERIFY_PARAM_value(param_table, id - num);
--
cgit v1.2.3-55-g6feb
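Review bot: The new `if (id < 0)` guard closes the lower bound, but X509_VERIFY_PARAM_get0 still has no comment telling callers it can return NULL, and the upper bound is enforced only indirectly by `sk_X509_VERIFY_PARAM_value(param_table, id - num)`. Presumably that accessor returns NULL for an index past the end of the stack and for a NULL `param_table`; this is not visible in the hunk and is worth confirming, since it is the only check on large ids. I would add above the guard `/* Returns NULL if id is negative or beyond both tables; callers must check. */`. A regression test calling the function with -1 and with an id past the last entry would pin both bounds. The function's closing brace lies outside the hunk.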