From: Dr. David von Oheimb Date: Thu, 28 Aug 2025 16:33:06 +0000 (+0200) Subject: X509_VERIFY_PARAM_get0(): add check to defend on out-of-bound table access X-Git-Tag: openssl-3.0.18~49 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=89ce0ef97ef85b4f0b8069ee51a79632320670c9;p=thirdparty%2Fopenssl.git X509_VERIFY_PARAM_get0(): add check to defend on out-of-bound table access Reviewed-by: Tomas Mraz Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/28404) (cherry picked from commit 4ed6cfce586f7a78c0e7e3d314c2b785ac16f1a9) --- diff --git a/crypto/x509/x509_vpm.c b/crypto/x509/x509_vpm.c index 998ce8ac1ba..c2638804955 100644 --- a/crypto/x509/x509_vpm.c +++ b/crypto/x509/x509_vpm.c @@ -614,6 +614,11 @@ const X509_VERIFY_PARAM *X509_VERIFY_PARAM_get0(int id) { int num = OSSL_NELEM(default_table); + if (id < 0) { + ERR_raise(ERR_LIB_X509, ERR_R_PASSED_INVALID_ARGUMENT); + return NULL; + } + if (id < num) return default_table + id; return sk_X509_VERIFY_PARAM_value(param_table, id - num);
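Review bot: In the new `if (id < 0)` branch of X509_VERIFY_PARAM_get0(), a negative id queues ERR_R_PASSED_INVALID_ARGUMENT before returning NULL, but an id past the upper end still falls through to `sk_X509_VERIFY_PARAM_value(param_table, id - num)` and, as far as these lines show, returns without raising anything, so the two invalid-argument cases report differently to the caller. Consider raising the same error when the stack lookup yields NULL, or stating in the function's documentation that only negative ids queue an error and that every caller must check for NULL. The diff touches only crypto/x509/x509_vpm.c; a regression test that calls X509_VERIFY_PARAM_get0(-1) and expects NULL would pin the fix, since without the check `id < num` held for negative ids and `default_table + id` pointed before the start of the table.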