Provide a certificate with a bad issuer and check that
X509_issuer_and_serial_hash doesn't crash.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
When printing human readable info on the Thawte Strong Extranet extension
the version number could overflow if the version number == LONG_MAX. This
is undefined behaviour.
Issue found by OSSFuzz.
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/13452)
i2v_GENERAL_NAME and GENERAL_NAME_print were assuming that the type of
of a GENERAL_NAME (OTHERNAME) that we read in was the type we expected
it to be. If its something else then this can cause unexpected
behaviour. In the added fuzz test case an OOB read was occurring.
This issue was recently added by commit 4baee2d.
Credit to OSSFuzz for finding this issue.
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10300)
conf has the ability to expand variables in config files. Repeatedly doing
this can lead to an exponential increase in the amount of memory required.
This places a limit on the length of a value that can result from an
expansion.
Credit to OSS-Fuzz for finding this problem.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2894)
