From: Matt Caswell Date: Thu, 26 Aug 2021 08:43:50 +0000 (+0100) Subject: Ensure that we check the ASN.1 type of an "otherName" before using it X-Git-Tag: openssl-3.0.0~30 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=c7f8edfc1186a48463c14cfdc7f70456cbcb1cda;p=thirdparty%2Fopenssl.git Ensure that we check the ASN.1 type of an "otherName" before using it We should not assume that the type of an ASN.1 value is UTF8String as expected. We must actually check it, otherwise we could get a NULL ptr deref, or worse memory errors. Reported by David Benjamin. Reviewed-by: Tomas Mraz Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/16443) --- diff --git a/crypto/x509/v3_utl.c b/crypto/x509/v3_utl.c index 5c63d2d9d84..a70917a39bd 100644 --- a/crypto/x509/v3_utl.c +++ b/crypto/x509/v3_utl.c @@ -901,12 +901,19 @@ static int do_x509_check(X509 *x, const char *chk, size_t chklen, if (OBJ_obj2nid(gen->d.otherName->type_id) == NID_id_on_SmtpUTF8Mailbox) { san_present = 1; - cstr = gen->d.otherName->value->value.utf8string; - /* Positive on success, negative on error! */ - if ((rv = do_check_string(cstr, 0, equal, flags, - chk, chklen, peername)) != 0) - break; + /* + * If it is not a UTF8String then that is unexpected and we + * treat it as no match + */ + if (gen->d.otherName->value->type == V_ASN1_UTF8STRING) { + cstr = gen->d.otherName->value->value.utf8string; + + /* Positive on success, negative on error! */ + if ((rv = do_check_string(cstr, 0, equal, flags, + chk, chklen, peername)) != 0) + break; + } } else continue; } else {