shim/shim-fix-verify-eku.patch
Gary Ching-Pang Lin 6cefe7b10f Accepting request 834242 from home:gary_lin:branches:devel:openSUSE:Factory
- Add shim-VLogError-Avoid-Null-pointer-dereferences.patch to fix
  VLogError crash in AArch64 (jsc#SLE-15824)
- Add shim-fix-verify-eku.patch to fix the potential crash at
  verify_eku() (jsc#SLE-15824)
- Add shim-do-not-write-string-literals.patch to fix the potential
  crash when accessing the DEFAULT_LOADER string (jsc#SLE-15824)

OBS-URL: https://build.opensuse.org/request/show/834242
OBS-URL: https://build.opensuse.org/package/show/devel:openSUSE:Factory/shim?expand=0&rev=166
2020-09-14 08:23:32 +00:00


From 44b211bcf7ad58ff29e6495e1c3978e4660cb7d1 Mon Sep 17 00:00:00 2001
From: Peter Jones <pjones@redhat.com>
Date: Tue, 15 Jan 2019 18:04:34 -0500
Subject: [PATCH] OpenSSL: always provide OBJ_create() with name strings.
Some versions of OpenSSL seem to go back and forth as to whether NULL
for these names are okay. Don't risk it.
Signed-off-by: Peter Jones <pjones@redhat.com>
Upstream-commit-id: 46b76a01717
---
shim.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/shim.c b/shim.c
index a0eb19b..d7ee2b6 100644
--- a/shim.c
+++ b/shim.c
@@ -388,7 +388,9 @@ static BOOLEAN verify_eku(UINT8 *Cert, UINTN CertSize)
EXTENDED_KEY_USAGE *eku;
ASN1_OBJECT *module_signing;
- module_signing = OBJ_nid2obj(OBJ_create(OID_EKU_MODSIGN, NULL, NULL));
+ module_signing = OBJ_nid2obj(OBJ_create(OID_EKU_MODSIGN,
+ "modsign-eku",
+ "modsign-eku"));
x509 = d2i_X509 (NULL, &Temp, (long) CertSize);
if (x509 != NULL) {
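Review bot: the return value of OBJ_create() in the added lines is still passed straight into OBJ_nid2obj() with no check, so a failed registration goes unnoticed in verify_eku(). OBJ_create() returns NID_undef on error. Supplying the "modsign-eku" names removes the NULL arguments but does not cover any other failure. Consider storing the NID in a local variable, returning FALSE from verify_eku() when it is NID_undef, and also testing module_signing for NULL before it is used further down. A short comment above the call naming the OpenSSL behaviour that motivated the non-NULL names would help too, because the commit message only says "some versions".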
--
2.28.0