Fix type confusion in nc_match_single()
author Viktor Dukhovni <openssl-users@dukhovni.org>
Tue, 13 Dec 2022 07:49:13 +0000 (08:49 +0100)
committer Tomas Mraz <tomas@openssl.org>
Tue, 7 Feb 2023 16:05:10 +0000 (17:05 +0100)
commit 748f478f814bc8e418542c68599ec7dbcbac97b2
tree 03b84aeab075c441d56dcfcf7627f006d5b7d9b7
parent cded5d05253df6eb29e025ab25d763805493479a
Fix type confusion in nc_match_single()

This function assumes that if the "gen" is an OtherName, then the "base"
is an rfc822Name constraint. This assumption is not true in all cases.
If the end-entity certificate contains an OtherName SAN of any type besides
SmtpUtf8Mailbox and the CA certificate contains a name constraint of
OtherName (of any type), then "nc_email_eai" will be invoked, with the
OTHERNAME "base" being incorrectly interpreted as an ASN1_IA5STRING.

Reported by Corey Bonnell from Digicert.

CVE-2022-4203

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
crypto/x509/v3_ncons.c
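
Added example, not part of this commit or of OpenSSL's source: a simplified C model of the pattern the commit message describes, where a union member is read on the strength of the other operand's tag, next to a form that checks both tags first. All type, constant and function names here are hypothetical, and the domain comparison is reduced to an exact match.

```c
#include <stddef.h>
#include <string.h>

/* Simplified model of a tagged GeneralName; these are not OpenSSL's types. */
enum gn_type { GN_EMAIL, GN_OTHERNAME };
enum on_kind { ON_SMTP_UTF8_MAILBOX, ON_UNRELATED };
enum { NC_OK, NC_NO_MATCH, NC_UNSUPPORTED };

struct ia5 { size_t len; const char *data; };
struct other_name { enum on_kind kind; const char *value; };
struct general_name {
    enum gn_type type;
    union {
        struct ia5 *email;        /* valid only if type == GN_EMAIL */
        struct other_name *other; /* valid only if type == GN_OTHERNAME */
    } d;
};

/* Compare the domain of a mailbox with an rfc822Name-style constraint. */
static int email_match(const char *mailbox, const struct ia5 *base)
{
    const char *dom = strrchr(mailbox, '@');
    if (dom == NULL)
        return NC_NO_MATCH;
    dom++;
    if (strlen(dom) != base->len || memcmp(dom, base->data, base->len) != 0)
        return NC_NO_MATCH;
    return NC_OK;
}

/* Pattern the commit message describes: an OtherName "gen" is taken to
 * imply an rfc822Name "base", so base->d.email is read with no tag check. */
int match_unchecked(const struct general_name *gen, const struct general_name *base)
{
    if (gen->type == GN_OTHERNAME)
        return email_match(gen->d.other->value, base->d.email);
    return NC_UNSUPPORTED;
}

/* Checked form: confirm both discriminators before touching a union member. */
int match_checked(const struct general_name *gen, const struct general_name *base)
{
    if (gen->type != GN_OTHERNAME)
        return NC_UNSUPPORTED; /* other name forms are outside this model */
    if (gen->d.other->kind != ON_SMTP_UTF8_MAILBOX || base->type != GN_EMAIL)
        return NC_UNSUPPORTED; /* never reinterpret an OtherName as a string */
    return email_match(gen->d.other->value, base->d.email);
}
```

In the checked form, an OtherName constraint paired with an OtherName SAN is reported as unsupported instead of being passed to the e-mail matcher.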