CVSROOT:        /cvs
Module name:    src
Changes by:     [email protected]    2015/03/15 16:52:17

Modified files:
        lib/libssl/src/crypto/x509: x509_req.c 

Log message:
Avoid a NULL pointer deref when X509_get_pubkey() returns NULL.

A NULL pointer could be dereferenced when X509_REQ_set_pubkey() calls
X509_PUBKEY_set() with pktmp.

OpenSSL says it's the fix for CVE-2015-0288, but there aren't any public
details yet to confirm.  Either way, we should fix this.

Based on OpenSSL commit 28a00bcd8e318da18031b2ac8778c64147cd54f9
and BoringSSL commit 9d102ddbc0f6ed835ed12272a3d8a627d6a8e728.

"looks sane" beck@
ok miod@, bcook@
