File openssl-CVE-2026-28388.patch of Package openssl-3

commit 6297bdc962e9f2ecb436e26dc51f4fff653a0a89
Author: Daniel Kubec <kubec@openssl.org>
Date:   Tue Mar 17 11:11:22 2026 +0100

    Fix NULL Dereference When Delta CRL Lacks CRL Number Extension
    
    Fixes CVE-2026-28388
    Fixes https://github.com/openssl/srt/issues/77

diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c
index 827a7663aa..f2b88524b6 100644
--- a/crypto/x509/x509_vfy.c
+++ b/crypto/x509/x509_vfy.c
@@ -1578,6 +1578,8 @@ static int check_delta_base(X509_CRL *delta, X509_CRL *base)
     if (ASN1_INTEGER_cmp(delta->base_crl_number, base->crl_number) > 0)
         return 0;
     /* Delta CRL number must exceed full CRL number */
+    if (delta->crl_number == NULL)
+        return 0;
     return ASN1_INTEGER_cmp(delta->crl_number, base->crl_number) > 0;
 }
 