git: 2dcaecea30c0 - stable/11 - OpenSSL: Fix Null pointer deref in X509_issuer_and_serial_hash()
Jung-uk Kim
jkim at FreeBSD.org
Thu Feb 18 17:47:37 UTC 2021
The branch stable/11 has been updated by jkim:
URL: https://cgit.FreeBSD.org/src/commit/?id=2dcaecea30c0258d0541aaf434df95d143d07c06
commit 2dcaecea30c0258d0541aaf434df95d143d07c06
Author: Jung-uk Kim <jkim at FreeBSD.org>
AuthorDate: 2021-02-18 17:46:10 +0000
Commit: Jung-uk Kim <jkim at FreeBSD.org>
CommitDate: 2021-02-18 17:46:10 +0000
OpenSSL: Fix Null pointer deref in X509_issuer_and_serial_hash()
Note it is backported from OpenSSL 1.1.1j to fix CVE-2021-23841.
https://github.com/openssl/openssl/commit/122a19ab48091c657f7cb1fb3af9fc07bd557bbf
---
crypto/openssl/crypto/x509/x509_cmp.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/crypto/openssl/crypto/x509/x509_cmp.c b/crypto/openssl/crypto/x509/x509_cmp.c
index a7b90e6a42f5..62868f0c9c2e 100644
--- a/crypto/openssl/crypto/x509/x509_cmp.c
+++ b/crypto/openssl/crypto/x509/x509_cmp.c
@@ -87,6 +87,8 @@ unsigned long X509_issuer_and_serial_hash(X509 *a)
EVP_MD_CTX_init(&ctx);
f = X509_NAME_oneline(a->cert_info->issuer, NULL, 0);
+ if (f == NULL)
+ goto err;
if (!EVP_DigestInit_ex(&ctx, EVP_md5(), NULL))
goto err;
if (!EVP_DigestUpdate(&ctx, (unsigned char *)f, strlen(f)))
More information about the dev-commits-src-all
mailing list