mirror of
https://github.com/openssl/openssl.git
synced 2025-02-11 14:22:43 +08:00
The incorrectly typed data is read only, used in a compare operation, so neither remote code execution, nor memory content disclosure were possible. However, applications performing certificate name checks were vulnerable to denial of service.

The GENERAL_TYPE data type is a union, and we must take care to access the correct member, based on `gen->type`; not all the member fields have the same structure, and a segfault is possible if the wrong member field is read.

The code in question was lightly refactored with the intent to make it more obviously correct.

Fixes CVE-2024-6119

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>

ascii_chain.pem
ascii_leaf.pem
kdc-cert.pem
kdc-root-cert.pem
kdc.sh
san.ascii
san.utf8
utf8_chain.pem
utf8_leaf.pem