Date: Thu, 18 Feb 2021 17:47:37 GMT From: Jung-uk Kim <jkim@FreeBSD.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org Subject: git: 2dcaecea30c0 - stable/11 - OpenSSL: Fix Null pointer deref in X509_issuer_and_serial_hash() Message-ID: <202102181747.11IHlbB9021167@gitrepo.freebsd.org>
next in thread | raw e-mail | index | archive | help
The branch stable/11 has been updated by jkim: URL: https://cgit.FreeBSD.org/src/commit/?id=2dcaecea30c0258d0541aaf434df95d143d07c06 commit 2dcaecea30c0258d0541aaf434df95d143d07c06 Author: Jung-uk Kim <jkim@FreeBSD.org> AuthorDate: 2021-02-18 17:46:10 +0000 Commit: Jung-uk Kim <jkim@FreeBSD.org> CommitDate: 2021-02-18 17:46:10 +0000 OpenSSL: Fix Null pointer deref in X509_issuer_and_serial_hash() Note it is backported from OpenSSL 1.1.1j to fix CVE-2021-23841. https://github.com/openssl/openssl/commit/122a19ab48091c657f7cb1fb3af9fc07bd557bbf --- crypto/openssl/crypto/x509/x509_cmp.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/crypto/openssl/crypto/x509/x509_cmp.c b/crypto/openssl/crypto/x509/x509_cmp.c index a7b90e6a42f5..62868f0c9c2e 100644 --- a/crypto/openssl/crypto/x509/x509_cmp.c +++ b/crypto/openssl/crypto/x509/x509_cmp.c @@ -87,6 +87,8 @@ unsigned long X509_issuer_and_serial_hash(X509 *a) EVP_MD_CTX_init(&ctx); f = X509_NAME_oneline(a->cert_info->issuer, NULL, 0); + if (f == NULL) + goto err; if (!EVP_DigestInit_ex(&ctx, EVP_md5(), NULL)) goto err; if (!EVP_DigestUpdate(&ctx, (unsigned char *)f, strlen(f)))
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202102181747.11IHlbB9021167>