Initialise X509_STORE_CTX properly so CRLs with nextUpdate date in the past

author Dr. Stephen Henson <steve@openssl.org>

Tue, 6 Sep 2011 15:15:09 +0000 (15:15 +0000)

committer Dr. Stephen Henson <steve@openssl.org>

Tue, 6 Sep 2011 15:15:09 +0000 (15:15 +0000)
author Dr. Stephen Henson <steve@openssl.org>
Tue, 6 Sep 2011 15:15:09 +0000 (15:15 +0000)
committer Dr. Stephen Henson <steve@openssl.org>
Tue, 6 Sep 2011 15:15:09 +0000 (15:15 +0000)
diff --git a/CHANGES b/CHANGES

index b3d4c06c00ce7821857b422ef2f80b26ea61efc2..66e980094816d053e67466b71dd4102aa8fc2731 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -431,8 +431,12 @@
  
   Changes between 1.0.0d and 1.0.0e [xx XXX xxxx]
  
  
   Changes between 1.0.0d and 1.0.0e [xx XXX xxxx]
  
+  *) Fix bug where CRLs with nextUpdate in the past are sometimes accepted
+     by initialising X509_STORE_CTX properly. (CVE-2011-3207)
+     [Kaspar Brand <ossl@velox.ch>]
+
    *) Fix SSL memory handling for (EC)DH ciphersuites, in particular
    *) Fix SSL memory handling for (EC)DH ciphersuites, in particular
-     for multi-threaded use of ECDH.
+     for multi-threaded use of ECDH. (CVE-2011-3210)
       [Adam Langley (Google)]
  
    *) Fix x509_name_ex_d2i memory leak on bad inputs.
       [Adam Langley (Google)]
  
    *) Fix x509_name_ex_d2i memory leak on bad inputs.
diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c

index 64df4d34a122a5bf83d046555cf300a8c7cb71e7..b32c47b31b9a95b5d7a695d99c872b9b6938c316 100644 (file)
--- a/crypto/x509/x509_vfy.c
+++ b/crypto/x509/x509_vfy.c
@@ -745,6 +745,7 @@ static int check_cert(X509_STORE_CTX *ctx)
         x = sk_X509_value(ctx->chain, cnum);
         ctx->current_cert = x;
         ctx->current_issuer = NULL;
         x = sk_X509_value(ctx->chain, cnum);
         ctx->current_cert = x;
         ctx->current_issuer = NULL;
+       ctx->current_crl_score = 0;
         ctx->current_reasons = 0;
         while (ctx->current_reasons != CRLDP_ALL_REASONS)
                 {
         ctx->current_reasons = 0;
         while (ctx->current_reasons != CRLDP_ALL_REASONS)
                 {
@@ -2057,6 +2058,9 @@ int X509_STORE_CTX_init(X509_STORE_CTX *ctx, X509_STORE *store, X509 *x509,
         ctx->error_depth=0;
         ctx->current_cert=NULL;
         ctx->current_issuer=NULL;
         ctx->error_depth=0;
         ctx->current_cert=NULL;
         ctx->current_issuer=NULL;
+       ctx->current_crl=NULL;
+       ctx->current_crl_score=0;
+       ctx->current_reasons=0;
         ctx->tree = NULL;
         ctx->parent = NULL;
  
         ctx->tree = NULL;
         ctx->parent = NULL;
author	Dr. Stephen Henson <steve@openssl.org>
	Tue, 6 Sep 2011 15:15:09 +0000 (15:15 +0000)
committer	Dr. Stephen Henson <steve@openssl.org>
	Tue, 6 Sep 2011 15:15:09 +0000 (15:15 +0000)
CHANGES		patch \| blob \| history
crypto/x509/x509_vfy.c		patch \| blob \| history