[openssl] OpenSSL_1_1_1-stable update
tmraz at fedoraproject.org
tmraz at fedoraproject.org
Mon Dec 21 14:28:00 UTC 2020
The branch OpenSSL_1_1_1-stable has been updated
via 64a1b940d2b640e5edf0feae90e81bbb6b4941e7 (commit)
from 5a5d87a936ceeca1648288e1efe4296687193b16 (commit)
- Log -----------------------------------------------------------------
commit 64a1b940d2b640e5edf0feae90e81bbb6b4941e7
Author: Ingo Schwarze <schwarze at openbsd.org>
Date: Fri Jun 5 00:30:00 2020 +0200
Fix NULL pointer access caused by X509_ATTRIBUTE_create()
When X509_ATTRIBUTE_create() receives an invalid NID (e.g., -1), return
failure rather than silently constructing a broken X509_ATTRIBUTE object
that might cause NULL pointer accesses later on. This matters because
X509_ATTRIBUTE_create() is used by API functions like PKCS7_add_attribute(3)
and the NID comes straight from the user.
This bug was found while working on LibreSSL documentation.
Reviewed-by: Theo Buehler <tb at openbsd.org>
CLA: trivial
Reviewed-by: Matt Caswell <matt at openssl.org>
Reviewed-by: Tomas Mraz <tmraz at fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/12052)
(cherry picked from commit c4b2c53fadb158bee34aef90d5a7d500aead1f70)
-----------------------------------------------------------------------
Summary of changes:
crypto/x509/x_attrib.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/crypto/x509/x_attrib.c b/crypto/x509/x_attrib.c
index 813c5b01c3..7342c4f6bc 100644
--- a/crypto/x509/x_attrib.c
+++ b/crypto/x509/x_attrib.c
@@ -37,10 +37,13 @@ X509_ATTRIBUTE *X509_ATTRIBUTE_create(int nid, int atrtype, void *value)
{
X509_ATTRIBUTE *ret = NULL;
ASN1_TYPE *val = NULL;
+ ASN1_OBJECT *oid;
+ if ((oid = OBJ_nid2obj(nid)) == NULL)
+ return NULL;
if ((ret = X509_ATTRIBUTE_new()) == NULL)
return NULL;
- ret->object = OBJ_nid2obj(nid);
+ ret->object = oid;
if ((val = ASN1_TYPE_new()) == NULL)
goto err;
if (!sk_ASN1_TYPE_push(ret->set, val))
More information about the openssl-commits
mailing list