git.ipfire.org Git - thirdparty/openssl.git/commit

author	Viktor Dukhovni <viktor@openssl.org>
	Wed, 19 Jun 2024 11:04:11 +0000 (21:04 +1000)
committer	Tomas Mraz <tomas@openssl.org>
	Tue, 3 Sep 2024 09:58:40 +0000 (11:58 +0200)
commit	0890cd13d40fbc98f655f3974f466769caa83680
tree	5b1d7322e3324714104f36b75fb6879083d8b493	tree
parent	56502897431d785ab93cdffd6857a667fe2b6d20	commit \| diff

Avoid type errors in EAI-related name check logic.

The incorrectly typed data is read only, used in a compare operation, so
neither remote code execution, nor memory content disclosure were possible.
However, applications performing certificate name checks were vulnerable to
denial of service.

The GENERAL_TYPE data type is a union, and we must take care to access the
correct member, based on `gen->type`, not all the member fields have the same
structure, and a segfault is possible if the wrong member field is read.

The code in question was lightly refactored with the intent to make it more
obviously correct.

Fixes CVE-2024-6119

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>

crypto/x509/v3_utl.c		diff \| blob \| blame \| history
test/recipes/25-test_eai_data.t		diff \| blob \| blame \| history
test/recipes/25-test_eai_data/kdc-cert.pem	[new file with mode: 0644]	blob
test/recipes/25-test_eai_data/kdc-root-cert.pem	[new file with mode: 0644]	blob
test/recipes/25-test_eai_data/kdc.sh	[new file with mode: 0755]	blob