From: Dr. David von Oheimb
Date: Thu, 28 Aug 2025 16:33:06 +0000 (+0200)
Subject: X509_VERIFY_PARAM_get0(): add check to defend on out-of-bound table access
X-Git-Tag: openssl-3.5.3~31
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=7e9498b5c7f9f90522a8755fd15bc06c6605ef1e;p=thirdparty%2Fopenssl.git
X509_VERIFY_PARAM_get0(): add check to defend on out-of-bound table access
Reviewed-by: Tomas Mraz
Reviewed-by: Matt Caswell
Reviewed-by: Paul Dale
(Merged from https://github.com/openssl/openssl/pull/28370)
(cherry picked from commit ceb45f64bde3d299c7ef529e5cd5372e4a421366)
---
diff --git a/crypto/x509/v3_purp.c b/crypto/x509/v3_purp.c
index 4688aaeea41..1db22047cf0 100644
--- a/crypto/x509/v3_purp.c
+++ b/crypto/x509/v3_purp.c
@@ -186,7 +186,7 @@ int X509_PURPOSE_add(int id, int trust, int flags,
 return 0;
 }
 if (trust < X509_TRUST_DEFAULT || name == NULL || sname == NULL || ck == NULL) {
- ERR_raise(ERR_LIB_X509, ERR_R_PASSED_INVALID_ARGUMENT);
+ ERR_raise(ERR_LIB_X509V3, ERR_R_PASSED_INVALID_ARGUMENT);
 return 0;
 }
diff --git a/crypto/x509/x509_vpm.c b/crypto/x509/x509_vpm.c
index 6f1cfd9320e..efe08ff6831 100644
--- a/crypto/x509/x509_vpm.c
+++ b/crypto/x509/x509_vpm.c
@@ -635,6 +635,11 @@ const X509_VERIFY_PARAM *X509_VERIFY_PARAM_get0(int id)
 {
 int num = OSSL_NELEM(default_table);
+ if (id < 0) {
+ ERR_raise(ERR_LIB_X509, ERR_R_PASSED_INVALID_ARGUMENT);
+ return NULL;
+ }
+
 if (id < num)
 return default_table + id;
 return sk_X509_VERIFY_PARAM_value(param_table, id - num);
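Review bot: The new `id < 0` guard in X509_VERIFY_PARAM_get0() queues ERR_R_PASSED_INVALID_ARGUMENT, but an id beyond the end of both tables still falls through to `sk_X509_VERIFY_PARAM_value(param_table, id - num)` on the last line, which presumably returns NULL without queuing an error, so the two out-of-range cases are reported differently. That contract should at least be stated above the function, e.g. `/* Returns NULL if id is out of range; only a negative id adds an error to the queue. */`, so callers know a NULL return is not always accompanied by an error entry. The commit touches only v3_purp.c and x509_vpm.c, so a regression case asserting that a negative id yields NULL would keep the lower-bound check from being dropped in a later refactor. The function's closing brace lies outside the hunk.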