[openssl-commits] [openssl] OpenSSL_1_0_2-stable update

Matt Caswell matt at openssl.org
Mon May 21 09:33:58 UTC 2018


The branch OpenSSL_1_0_2-stable has been updated
       via  f2bb6b8d81944261f65e3231f6eb707a9185162a (commit)
      from  ec91c3db211c071248ef3a0b6dd9ef5ebdca5ab5 (commit)


- Log -----------------------------------------------------------------
commit f2bb6b8d81944261f65e3231f6eb707a9185162a
Author: Matt Caswell <matt at openssl.org>
Date:   Wed May 16 11:59:47 2018 +0100

    Fix undefined behaviour in X509_NAME_cmp()
    
    If the lengths of both names are 0 then don't attempt to do a memcmp.
    
    Issue reported by Simon Friedberger, Robert Merget and Juraj Somorovsky.
    
    Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre at ncp-e.com>
    (Merged from https://github.com/openssl/openssl/pull/6291)
    
    (cherry picked from commit 511190b691183a1fb160e7e05e2974dc73cab0c6)

-----------------------------------------------------------------------

Summary of changes:
 crypto/x509/x509_cmp.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/crypto/x509/x509_cmp.c b/crypto/x509/x509_cmp.c
index 49c71b9..2d82f8f 100644
--- a/crypto/x509/x509_cmp.c
+++ b/crypto/x509/x509_cmp.c
@@ -219,7 +219,7 @@ int X509_NAME_cmp(const X509_NAME *a, const X509_NAME *b)
 
     ret = a->canon_enclen - b->canon_enclen;
 
-    if (ret)
+    if (ret != 0 || a->canon_enclen == 0)
         return ret;
 
     return memcmp(a->canon_enc, b->canon_enc, a->canon_enclen);
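
Review bot: the added `a->canon_enclen == 0` test in the `if` carries no comment, so in the source it reads as a redundant special case (a zero-length memcmp would return 0 anyway) and is likely to be "simplified" away later. The reason is only in the commit message: memcmp must not be called when both lengths are 0, which in C is undefined if either pointer is not valid, even for a zero length. Suggest a one-line comment above the `if` stating that, for example "/* skip memcmp for empty names: calling it here is undefined behaviour */". The summary also shows only crypto/x509/x509_cmp.c changed, so nothing in this commit exercises the comparison of two empty names; a test for that case would keep the fix from regressing.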

