Reject setting invalid CSR versions

author Job Snijders <job@sobornost.net>

Mon, 25 Mar 2024 10:49:12 +0000 (10:49 +0000)

committer Neil Horman <nhorman@openssl.org>

Fri, 29 Mar 2024 19:48:00 +0000 (15:48 -0400)
author Job Snijders <job@sobornost.net>
Mon, 25 Mar 2024 10:49:12 +0000 (10:49 +0000)
committer Neil Horman <nhorman@openssl.org>
Fri, 29 Mar 2024 19:48:00 +0000 (15:48 -0400)
diff --git a/crypto/x509/x509rset.c b/crypto/x509/x509rset.c

index 344993d4c78c440e44bc01ee0023b41a71fbf640..0806b0c9000924ef8a49ef81dfb34ca0da1c7460 100644 (file)
--- a/crypto/x509/x509rset.c
+++ b/crypto/x509/x509rset.c
@@ -17,8 +17,10 @@
  
  int X509_REQ_set_version(X509_REQ *x, long version)
  {
-    if (x == NULL)
+    if (x == NULL || version != X509_REQ_VERSION_1) {
+        ERR_raise(ERR_LIB_X509, ERR_R_PASSED_INVALID_ARGUMENT);
          return 0;
+    }
      x->req_info.enc.modified = 1;
      return ASN1_INTEGER_set(x->req_info.version, version);
  }
author	Job Snijders <job@sobornost.net>
	Mon, 25 Mar 2024 10:49:12 +0000 (10:49 +0000)
committer	Neil Horman <nhorman@openssl.org>
	Fri, 29 Mar 2024 19:48:00 +0000 (15:48 -0400)