[openssl-commits] [openssl] OpenSSL_1_1_0-stable update

Richard Levitte levitte at openssl.org
Sun May 20 07:50:11 UTC 2018


The branch OpenSSL_1_1_0-stable has been updated
       via  6fc92032e02bb17cb7486e71aafdc1905497693a (commit)
      from  2392eb77d237684a32b1290fc9e3d0e2f3b08554 (commit)


- Log -----------------------------------------------------------------
commit 6fc92032e02bb17cb7486e71aafdc1905497693a
Author: Richard Levitte <levitte at openssl.org>
Date:   Thu May 17 09:53:14 2018 +0200

    Restore check of |*xn| against |name| in X509_NAME_set
    
    A previous change of this function introduced a fragility when the
    destination happens to be the same as the source.  Such alias isn't
    recommended, but could still happen, for example in this kind of code:
    
        X509_NAME *subject = X509_get_issuer_name(x);
    
        /* ... some code passes ... */
    
        X509_set_issuer_name(x, subject);
    
    Fixes #4710
    
    Reviewed-by: Andy Polyakov <appro at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/6280)
    
    (cherry picked from commit c1c1783d45a5e91951e6328a820939d0256c841c)

-----------------------------------------------------------------------

Summary of changes:
 crypto/x509/x_name.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/crypto/x509/x_name.c b/crypto/x509/x_name.c
index 0af5df5..8e717dc 100644
--- a/crypto/x509/x_name.c
+++ b/crypto/x509/x_name.c
@@ -472,6 +472,8 @@ static int i2d_name_canon(STACK_OF(STACK_OF_X509_NAME_ENTRY) * _intname,
 
 int X509_NAME_set(X509_NAME **xn, X509_NAME *name)
 {
+    if (*xn == name)
+        return *xn != NULL;
     if ((name = X509_NAME_dup(name)) == NULL)
         return 0;
     X509_NAME_free(*xn);


More information about the openssl-commits mailing list