git.ipfire.org Git - thirdparty/openssl.git/commit

author	Viktor Dukhovni <viktor@openssl.org>
	Wed, 19 Jun 2024 11:04:11 +0000 (21:04 +1000)
committer	Tomas Mraz <tomas@openssl.org>
	Tue, 3 Sep 2024 10:03:11 +0000 (12:03 +0200)
commit	7dfcee2cd2a63b2c64b9b4b0850be64cb695b0a0
tree	2e11040c249cd55733d1776e8181bfaf29dbd854	tree \| snapshot
parent	ff35957337cdb1b68478fc5d1e77a2fc7e5be012	commit \| diff

Avoid type errors in EAI-related name check logic.

The incorrectly typed data is read only, used in a compare operation, so
neither remote code execution, nor memory content disclosure were possible.
However, applications performing certificate name checks were vulnerable to
denial of service.

The GENERAL_TYPE data type is a union, and we must take care to access the
correct member, based on `gen->type`, not all the member fields have the same
structure, and a segfault is possible if the wrong member field is read.

The code in question was lightly refactored with the intent to make it more
obviously correct.

Fixes CVE-2024-6119

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(cherry picked from commit 0890cd13d40fbc98f655f3974f466769caa83680)

crypto/x509/v3_utl.c		diff \| blob \| blame \| history
test/recipes/25-test_eai_data.t		diff \| blob \| blame \| history
test/recipes/25-test_eai_data/kdc-cert.pem	[new file with mode: 0644]	blob
test/recipes/25-test_eai_data/kdc-root-cert.pem	[new file with mode: 0644]	blob
test/recipes/25-test_eai_data/kdc.sh	[new file with mode: 0755]	blob