/[smecontribs]/rpms/openssl3/contribs10/0107-CVE-2023-0286-X400.patch
ViewVC logotype

Contents of /rpms/openssl3/contribs10/0107-CVE-2023-0286-X400.patch

Parent Directory Parent Directory | Revision Log Revision Log | View Revision Graph Revision Graph


Revision 1.1 - (show annotations) (download)
Wed Jan 31 17:24:52 2024 UTC (9 months, 4 weeks ago) by jpp
Branch: MAIN
CVS Tags: openssl3-3_0_7-5_el7_sme_1, HEAD
Initial import

1 From 2f7530077e0ef79d98718138716bc51ca0cad658 Mon Sep 17 00:00:00 2001
2 From: Hugo Landau <hlandau@openssl.org>
3 Date: Tue, 17 Jan 2023 17:45:42 +0000
4 Subject: [PATCH 14/18] CVE-2023-0286: Fix GENERAL_NAME_cmp for x400Address
5 (3.0)
6
7 Reviewed-by: Paul Dale <pauli@openssl.org>
8 Reviewed-by: Tomas Mraz <tomas@openssl.org>
9 ---
10 CHANGES.md | 19 +++++++++++++++++++
11 crypto/x509/v3_genn.c | 2 +-
12 include/openssl/x509v3.h.in | 2 +-
13 test/v3nametest.c | 8 ++++++++
14 4 files changed, 29 insertions(+), 2 deletions(-)
15
16 diff --git a/crypto/x509/v3_genn.c b/crypto/x509/v3_genn.c
17 index c0a7166cd0..1741c2d2f6 100644
18 --- a/crypto/x509/v3_genn.c
19 +++ b/crypto/x509/v3_genn.c
20 @@ -98,7 +98,7 @@ int GENERAL_NAME_cmp(GENERAL_NAME *a, GENERAL_NAME *b)
21 return -1;
22 switch (a->type) {
23 case GEN_X400:
24 - result = ASN1_TYPE_cmp(a->d.x400Address, b->d.x400Address);
25 + result = ASN1_STRING_cmp(a->d.x400Address, b->d.x400Address);
26 break;
27
28 case GEN_EDIPARTY:
29 diff --git a/include/openssl/x509v3.h.in b/include/openssl/x509v3.h.in
30 index d00a66a343..c087e3cf92 100644
31 --- a/include/openssl/x509v3.h.in
32 +++ b/include/openssl/x509v3.h.in
33 @@ -154,7 +154,7 @@ typedef struct GENERAL_NAME_st {
34 OTHERNAME *otherName; /* otherName */
35 ASN1_IA5STRING *rfc822Name;
36 ASN1_IA5STRING *dNSName;
37 - ASN1_TYPE *x400Address;
38 + ASN1_STRING *x400Address;
39 X509_NAME *directoryName;
40 EDIPARTYNAME *ediPartyName;
41 ASN1_IA5STRING *uniformResourceIdentifier;
42 diff --git a/test/v3nametest.c b/test/v3nametest.c
43 index 6d2e2f8e27..0341995dde 100644
44 --- a/test/v3nametest.c
45 +++ b/test/v3nametest.c
46 @@ -644,6 +644,14 @@ static struct gennamedata {
47 0xb7, 0x09, 0x02, 0x02
48 },
49 15
50 + }, {
51 + /*
52 + * Regression test for CVE-2023-0286.
53 + */
54 + {
55 + 0xa3, 0x00
56 + },
57 + 2
58 }
59 };
60
61 --
62 2.39.1
63

admin@koozali.org
ViewVC Help
Powered by ViewVC 1.2.1 RSS 2.0 feed