Fix type confusion in nc_match_single()
author Viktor Dukhovni <openssl-users@dukhovni.org>
Tue, 13 Dec 2022 07:49:13 +0000 (08:49 +0100)
committer Tomas Mraz <tomas@openssl.org>
Thu, 2 Feb 2023 16:45:00 +0000 (17:45 +0100)
commit c927a3492698c254637da836762f9b1f86cffabc
tree d0002f00517bf6f8ab2188648c7acbd7b5556bd3
parent 36d85b02cef2ca34253619acae35623989258277
Fix type confusion in nc_match_single()

This function assumes that if the "gen" is an OtherName, then the "base"
is an rfc822Name constraint. This assumption is not true in all cases.
If the end-entity certificate contains an OtherName SAN of any type besides
SmtpUtf8Mailbox and the CA certificate contains a name constraint of
OtherName (of any type), then "nc_email_eai" will be invoked, with the
OTHERNAME "base" being incorrectly interpreted as an ASN1_IA5STRING.

Reported by Corey Bonnell from Digicert.

CVE-2022-4203

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
crypto/x509/v3_ncons.c
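
The missing tag check described in the commit message, modelled as an added example that is not OpenSSL's code or the actual patch. `struct general_name`, `match_single_unchecked`, `match_single_checked` and the suffix comparison are simplified, hypothetical stand-ins for GENERAL_NAME, nc_match_single() and nc_email_eai().

```c
#include <stddef.h>
#include <string.h>

/* Simplified stand-ins for the two name kinds involved; not OpenSSL's types. */
enum name_type { NAME_OTHERNAME, NAME_EMAIL };
enum { MATCH_OK, MATCH_FAIL, MATCH_UNSUPPORTED };

struct str { size_t len; const char *data; };
struct other_name { const char *type_id; struct str value; };
struct general_name {
    enum name_type type;          /* tag: which union member is live */
    union {
        struct other_name *other; /* live only when type == NAME_OTHERNAME */
        struct str *email;        /* live only when type == NAME_EMAIL */
    } d;
};

/* Toy rule (assumption): a mailbox matches if it ends with the constraint. */
static int email_match(const struct str *mbox, const struct str *base)
{
    if (base->len > mbox->len)
        return MATCH_FAIL;
    return memcmp(mbox->data + mbox->len - base->len, base->data, base->len)
               ? MATCH_FAIL : MATCH_OK;
}

/* Before: only gen's tag is inspected, so an OtherName base has its
 * other_name pointer read through d.email as if it were a string. */
int match_single_unchecked(const struct general_name *gen,
                           const struct general_name *base)
{
    if (gen->type == NAME_OTHERNAME)
        return email_match(&gen->d.other->value, base->d.email);
    return email_match(gen->d.email, base->d.email);
}

/* After: check base's tag before touching the matching union member. */
int match_single_checked(const struct general_name *gen,
                         const struct general_name *base)
{
    if (base->type != NAME_EMAIL)
        return MATCH_UNSUPPORTED;
    if (gen->type == NAME_OTHERNAME)
        return email_match(&gen->d.other->value, base->d.email);
    return email_match(gen->d.email, base->d.email);
}
```
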