Paths

Table of Contentst

Diffusion FreeBSD src repository e60dbfd00b00

Avoid type errors in EAI-related name check logic.
e60dbfd00b00
Actions

Tags

None

Referenced Files

None

Subscribers

None

Description

Avoid type errors in EAI-related name check logic.

The incorrectly typed data is read only, used in a compare operation, so
neither remote code execution, nor memory content disclosure were possible.
However, applications performing certificate name checks were vulnerable to
denial of service.

The GENERAL_TYPE data type is a union, and we must take care to access the
correct member, based on gen->type, not all the member fields have the same
structure, and a segfault is possible if the wrong member field is read.

The code in question was lightly refactored with the intent to make it more
obviously correct.

CVE-2024-6119

(cherry picked from commit 1486960d6cdb052e4fc0109a56a0597b4e902ba1)

Details

Provenance

Viktor Dukhovni <viktor@openssl.org>	Authored on Jun 19 2024, 11:04 AM
gordon	Committed on Sep 1 2024, 10:50 PM

Parents

rG1070e7dca822: Import OpenSSL 3.0.14

Branches

Unknown

Tags

Unknown

Event Timeline

gordon committed rGe60dbfd00b00: Avoid type errors in EAI-related name check logic. (authored by Viktor Dukhovni <viktor@openssl.org>).Sep 1 2024, 10:50 PM

gordon mentioned this in rGfbd465f26340: openssl: Bring over fix for CVE-2024-6119 from vendor/openssl-3.0..Sep 3 2024, 4:50 PM

Changes (5)

Path

Size

crypto/

x509/

test/

recipes/

25-test_eai_data.t

25-test_eai_data/

kdc-root-cert.pem

rGe60dbfd00b00

crypto/x509/v3_utl.c

Loading...

test/recipes/25-test_eai_data.t

Loading...

test/recipes/25-test_eai_data/kdc-cert.pem

Loading...

test/recipes/25-test_eai_data/kdc-root-cert.pem

Loading...

test/recipes/25-test_eai_data/kdc.sh

Loading...