File openssl-CVE-2023-0286.patch of Package openssl-1_1.34285
commit a72082b1fd459bc6355c0d6e0ac5f28a34ae73b0
Author: Hugo Landau <hlandau@openssl.org>
Date: Tue Jan 17 17:45:42 2023 +0000
CVE-2023-0286: Fix GENERAL_NAME_cmp for x400Address (1.1.1)
--- a/crypto/x509v3/v3_genn.c
+++ a/crypto/x509v3/v3_genn.c
@@ -98,7 +98,7 @@ int GENERAL_NAME_cmp(GENERAL_NAME *a, GENERAL_NAME *b)
return -1;
switch (a->type) {
case GEN_X400:
- result = ASN1_TYPE_cmp(a->d.x400Address, b->d.x400Address);
+ result = ASN1_STRING_cmp(a->d.x400Address, b->d.x400Address);
break;
case GEN_EDIPARTY:
--- a/include/openssl/x509v3.h
+++ a/include/openssl/x509v3.h
@@ -136,7 +136,7 @@ typedef struct GENERAL_NAME_st {
OTHERNAME *otherName; /* otherName */
ASN1_IA5STRING *rfc822Name;
ASN1_IA5STRING *dNSName;
- ASN1_TYPE *x400Address;
+ ASN1_STRING *x400Address;
X509_NAME *directoryName;
EDIPARTYNAME *ediPartyName;
ASN1_IA5STRING *uniformResourceIdentifier;
--- a/test/v3nametest.c
+++ a/test/v3nametest.c
@@ -646,6 +646,16 @@ static struct gennamedata {
0xb7, 0x09, 0x02, 0x02
},
15
+ }, {
+ /*
+ * Malformed encoding of a `[3] ORAddress`.
+ * Regression test for CVE-2023-0286.
+ */
+ {
+ 0xa3, 0x0e, 0x00, 0x00, 0x00, 0x00, 0x00, 0x0c,
+ 0xef, 0xcd, 0xab, 0x89, 0x67, 0x45, 0x23, 0x01,
+ },
+ 16
}
};