CVSROOT: /cvs
Module name: src
Changes by: t...@cvs.openbsd.org 2020/12/08 08:06:42

Modified files:
    lib/libcrypto/asn1: asn1.h asn1_err.c asn1_lib.c tasn_dec.c tasn_enc.c
    lib/libcrypto/x509: x509_genn.c

Log message:
Fix a NULL dereference in GENERAL_NAME_cmp()

Comparing two GENERAL_NAME structures containing an EDIPARTYNAME can lead
to a crash. This enables a denial of service attack for an attacker who can
control both sides of the comparison.

Issue reported to OpenSSL on Nov 9 by David Benjamin.
OpenSSL shared the information with us on Dec 1st.
Fix from Matt Caswell (OpenSSL) with a few small tweaks.

ok jsing