Overview

File openssl-CVE-2017-3735.patch of Package openssl

commit 31c8b265591a0aaa462a1f3eb5770661aaac67db
Author: Rich Salz <rsalz@openssl.org>
Date:   Tue Aug 22 11:44:41 2017 -0400

    Avoid out-of-bounds read
    
    Fixes CVE 2017-3735
    
    Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
    (Merged from https://github.com/openssl/openssl/pull/4276)
    
    (cherry picked from commit b23171744b01e473ebbfd6edad70c1c3825ffbcd)

diff --git a/crypto/x509v3/v3_addr.c b/crypto/x509v3/v3_addr.c
index 1290dec9bb..af080a04f2 100644
--- a/crypto/x509v3/v3_addr.c
+++ b/crypto/x509v3/v3_addr.c
@@ -130,10 +130,12 @@ static int length_from_afi(const unsigned afi)
  */
 unsigned int v3_addr_get_afi(const IPAddressFamily *f)
 {
-    return ((f != NULL &&
-             f->addressFamily != NULL && f->addressFamily->data != NULL)
-            ? ((f->addressFamily->data[0] << 8) | (f->addressFamily->data[1]))
-            : 0);
+    if (f == NULL
+            || f->addressFamily == NULL
+            || f->addressFamily->data == NULL
+            || f->addressFamily->length < 2)
+        return 0;
+    return (f->addressFamily->data[0] << 8) | f->addressFamily->data[1];
 }
 
 /*
openSUSE Build Service is sponsored by
Places