git.ipfire.org Git - thirdparty/openssl.git/commit

author	Viktor Dukhovni <viktor@openssl.org>
	Wed, 19 Jun 2024 11:04:11 +0000 (21:04 +1000)
committer	Tomas Mraz <tomas@openssl.org>
	Tue, 3 Sep 2024 10:03:39 +0000 (12:03 +0200)
commit	06d1dc3fa96a2ba5a3e22735a033012aadc9f0d6
tree	8037922c6988e69c749f51b2633fe163265e33d7	tree
parent	9aae56395aa8e77c44a9df83fd395a644d016635	commit \| diff

Avoid type errors in EAI-related name check logic.

The incorrectly typed data is read only, used in a compare operation, so
neither remote code execution, nor memory content disclosure were possible.
However, applications performing certificate name checks were vulnerable to
denial of service.

The GENERAL_TYPE data type is a union, and we must take care to access the
correct member, based on `gen->type`, not all the member fields have the same
structure, and a segfault is possible if the wrong member field is read.

The code in question was lightly refactored with the intent to make it more
obviously correct.

Fixes CVE-2024-6119

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(cherry picked from commit 0890cd13d40fbc98f655f3974f466769caa83680)

crypto/x509/v3_utl.c		diff \| blob \| blame \| history
test/recipes/25-test_eai_data.t		diff \| blob \| blame \| history
test/recipes/25-test_eai_data/kdc-cert.pem	[new file with mode: 0644]	blob
test/recipes/25-test_eai_data/kdc-root-cert.pem	[new file with mode: 0644]	blob
test/recipes/25-test_eai_data/kdc.sh	[new file with mode: 0755]	blob