From 4ed6cfce586f7a78c0e7e3d314c2b785ac16f1a9 Mon Sep 17 00:00:00 2001
From: "Dr. David von Oheimb"
Date: Thu, 28 Aug 2025 18:33:06 +0200
Subject: [PATCH] X509_VERIFY_PARAM_get0(): add check to defend on out-of-bound table access

Reviewed-by: Tomas Mraz
Reviewed-by: Matt Caswell
(Merged from https://github.com/openssl/openssl/pull/28404)
---
 crypto/x509/x509_vpm.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/crypto/x509/x509_vpm.c b/crypto/x509/x509_vpm.c
index 023a38a1c9f..9079953c3f5 100644
--- a/crypto/x509/x509_vpm.c
+++ b/crypto/x509/x509_vpm.c
@@ -629,6 +629,11 @@ const X509_VERIFY_PARAM *X509_VERIFY_PARAM_get0(int id)
 {
 int num = OSSL_NELEM(default_table);

+ if (id < 0) {
+ ERR_raise(ERR_LIB_X509, ERR_R_PASSED_INVALID_ARGUMENT);
+ return NULL;
+ }
+
 if (id < num)
 return default_table + id;
 return sk_X509_VERIFY_PARAM_value(param_table, id - num);
-- 
2.47.3
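Review bot: The two invalid-id cases in `X509_VERIFY_PARAM_get0()` now report differently: the added `id < 0` branch raises `ERR_R_PASSED_INVALID_ARGUMENT`, while an id past the end still falls through to `sk_X509_VERIFY_PARAM_value(param_table, id - num)`, which presumably returns NULL without queuing an error (the stack helper is not visible here, so confirm). Since the function has no comment, I would state the contract above it, e.g. `/* Returns NULL if id is out of range; only a negative id raises an error. */`, or make both paths raise. The patch touches only `x509_vpm.c`; a small regression test asserting that `X509_VERIFY_PARAM_get0(-1)` returns NULL would keep the out-of-bounds read on `default_table` from coming back. The function's closing brace lies outside the hunk.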