Pedro Monreal Gonzalez
b0d78d2994
* Missing ASN1_TYPE validation in PKCS#12 parsing
- openssl-CVE-2026-22795.patch [bsc#1256839, CVE-2026-22795]
* ASN1_TYPE Type Confusion in the PKCS7_digest_from_attributes() function
- openssl-CVE-2026-22795.patch [bsc#1256840, CVE-2026-22796]
* Missing ASN1_TYPE validation in TS_RESP_verify_response() function
- openssl-CVE-2025-69420.patch [bsc#1256837, CVE-2025-69420]
* NULL Pointer Dereference in PKCS12_item_decrypt_d2i_ex function
- openssl-CVE-2025-69421.patch [bsc#1256838, CVE-2025-69421]
* Out of bounds write in PKCS12_get_friendlyname() UTF-8 conversion
- openssl-CVE-2025-69419.patch [bsc#1256836, CVE-2025-69419]
* TLS 1.3 CompressedCertificate excessive memory allocation
- openssl-CVE-2025-66199.patch [bsc#1256833, CVE-2025-66199]
* Heap out-of-bounds write in BIO_f_linebuffer on short writes
- openssl-CVE-2025-68160.patch [bsc#1256834, CVE-2025-68160]
* Unauthenticated/unencrypted trailing bytes with low-level OCB function calls
- openssl-CVE-2025-69418.patch [bsc#1256835, CVE-2025-69418]
* 'openssl dgst' one-shot codepath silently truncates inputs greater than 16MB
- openssl-CVE-2025-15469.patch [bsc#1256832, CVE-2025-15469]
* Stack buffer overflow in CMS AuthEnvelopedData parsing
- openssl-CVE-2025-15467.patch [bsc#1256830, CVE-2025-15467]
- openssl-CVE-2025-15467-comments.patch
- openssl-CVE-2025-15467-test.patch
* Improper validation of PBMAC1 parameters in PKCS#12 MAC verification
- openssl-CVE-2025-11187.patch [bsc#1256829, CVE-2025-11187]
* NULL dereference in SSL_CIPHER_find() function on unknown cipher ID
- openssl-CVE-2025-15468.patch [bsc#1256831, CVE-2025-15468]
- Enable livepatching support for ppc64le [bsc#1257274]
- Security fix: [bsc#1250232 CVE-2025-9230]
OBS-URL: https://build.opensuse.org/package/show/security:tls/openssl-3?expand=0&rev=160
49 lines
1.9 KiB
Diff
49 lines
1.9 KiB
Diff
From 41be0f216404f14457bbf3b9cc488dba60b49296 Mon Sep 17 00:00:00 2001
|
|
From: Norbert Pocs <norbertp@openssl.org>
|
|
Date: Thu, 11 Dec 2025 12:49:00 +0100
|
|
Subject: [PATCH] Check return code of UTF8_putc
|
|
|
|
Signed-off-by: Norbert Pocs <norbertp@openssl.org>
|
|
|
|
Reviewed-by: Nikola Pajkovsky <nikolap@openssl.org>
|
|
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
|
|
(Merged from https://github.com/openssl/openssl/pull/29376)
|
|
---
|
|
crypto/asn1/a_strex.c | 6 ++++--
|
|
crypto/pkcs12/p12_utl.c | 5 +++++
|
|
2 files changed, 9 insertions(+), 2 deletions(-)
|
|
|
|
Index: openssl-3.5.0/crypto/asn1/a_strex.c
|
|
===================================================================
|
|
--- openssl-3.5.0.orig/crypto/asn1/a_strex.c
|
|
+++ openssl-3.5.0/crypto/asn1/a_strex.c
|
|
@@ -204,8 +204,10 @@ static int do_buf(unsigned char *buf, in
|
|
orflags = CHARTYPE_LAST_ESC_2253;
|
|
if (type & BUF_TYPE_CONVUTF8) {
|
|
unsigned char utfbuf[6];
|
|
- int utflen;
|
|
- utflen = UTF8_putc(utfbuf, sizeof(utfbuf), c);
|
|
+ int utflen = UTF8_putc(utfbuf, sizeof(utfbuf), c);
|
|
+
|
|
+ if (utflen < 0)
|
|
+ return -1; /* error happened with UTF8 */
|
|
for (i = 0; i < utflen; i++) {
|
|
/*
|
|
* We don't need to worry about setting orflags correctly
|
|
Index: openssl-3.5.0/crypto/pkcs12/p12_utl.c
|
|
===================================================================
|
|
--- openssl-3.5.0.orig/crypto/pkcs12/p12_utl.c
|
|
+++ openssl-3.5.0/crypto/pkcs12/p12_utl.c
|
|
@@ -206,6 +206,11 @@ char *OPENSSL_uni2utf8(const unsigned ch
|
|
/* re-run the loop emitting UTF-8 string */
|
|
for (asclen = 0, i = 0; i < unilen; ) {
|
|
j = bmp_to_utf8(asctmp+asclen, uni+i, unilen-i);
|
|
+ /* when UTF8_putc fails */
|
|
+ if (j < 0) {
|
|
+ OPENSSL_free(asctmp);
|
|
+ return NULL;
|
|
+ }
|
|
if (j == 4) i += 4;
|
|
else i += 2;
|
|
asclen += j;
|