X509_VERIFY_PARAM_get0(): add check to defend on out-of-bound table access

author Dr. David von Oheimb <dev@ddvo.net>

Thu, 28 Aug 2025 16:33:06 +0000 (18:33 +0200)

committer Dr. David von Oheimb <David.von.Oheimb@siemens.com>

Mon, 1 Sep 2025 13:31:33 +0000 (15:31 +0200)
author Dr. David von Oheimb <dev@ddvo.net>
Thu, 28 Aug 2025 16:33:06 +0000 (18:33 +0200)
committer Dr. David von Oheimb <David.von.Oheimb@siemens.com>
Mon, 1 Sep 2025 13:31:33 +0000 (15:31 +0200)
diff --git a/crypto/x509/x509_vpm.c b/crypto/x509/x509_vpm.c

index 023a38a1c9fc80464bf80687228ff485afd46342..9079953c3f5c633e6976d7f5c6ac54e289ecfc85 100644 (file)
--- a/crypto/x509/x509_vpm.c
+++ b/crypto/x509/x509_vpm.c
@@ -629,6 +629,11 @@ const X509_VERIFY_PARAM *X509_VERIFY_PARAM_get0(int id)
  {
      int num = OSSL_NELEM(default_table);
  
+    if (id < 0) {
+        ERR_raise(ERR_LIB_X509, ERR_R_PASSED_INVALID_ARGUMENT);
+        return NULL;
+    }
+
      if (id < num)
          return default_table + id;
      return sk_X509_VERIFY_PARAM_value(param_table, id - num);
author	Dr. David von Oheimb <dev@ddvo.net>
	Thu, 28 Aug 2025 16:33:06 +0000 (18:33 +0200)
committer	Dr. David von Oheimb <David.von.Oheimb@siemens.com>
	Mon, 1 Sep 2025 13:31:33 +0000 (15:31 +0200)