[openssl-commits] [openssl] OpenSSL_1_1_0-stable update
Richard Levitte
levitte at openssl.org
Sun May 20 07:50:11 UTC 2018
The branch OpenSSL_1_1_0-stable has been updated
via 6fc92032e02bb17cb7486e71aafdc1905497693a (commit)
from 2392eb77d237684a32b1290fc9e3d0e2f3b08554 (commit)
- Log -----------------------------------------------------------------
commit 6fc92032e02bb17cb7486e71aafdc1905497693a
Author: Richard Levitte <levitte at openssl.org>
Date: Thu May 17 09:53:14 2018 +0200
Restore check of |*xn| against |name| in X509_NAME_set
A previous change of this function introduced a fragility when the
destination happens to be the same as the source. Such alias isn't
recommended, but could still happen, for example in this kind of code:
X509_NAME *subject = X509_get_issuer_name(x);
/* ... some code passes ... */
X509_set_issuer_name(x, subject);
Fixes #4710
Reviewed-by: Andy Polyakov <appro at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/6280)
(cherry picked from commit c1c1783d45a5e91951e6328a820939d0256c841c)
-----------------------------------------------------------------------
Summary of changes:
crypto/x509/x_name.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/crypto/x509/x_name.c b/crypto/x509/x_name.c
index 0af5df5..8e717dc 100644
--- a/crypto/x509/x_name.c
+++ b/crypto/x509/x_name.c
@@ -472,6 +472,8 @@ static int i2d_name_canon(STACK_OF(STACK_OF_X509_NAME_ENTRY) * _intname,
int X509_NAME_set(X509_NAME **xn, X509_NAME *name)
{
+ if (*xn == name)
+ return *xn != NULL;
if ((name = X509_NAME_dup(name)) == NULL)
return 0;
X509_NAME_free(*xn);
More information about the openssl-commits
mailing list